nuclei-templates/http/cves/2023/CVE-2023-4168.yaml

42 lines
1.5 KiB
YAML

id: CVE-2023-4168
info:
name: Adlisting Classified Ads 2.14.0 - Information Disclosure
author: r3Y3r53
severity: high
description: |
Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
reference:
- https://www.exploit-db.com/exploits/51667
- https://templatecookie.com/demo/adlisting-classified-ads-script
- https://nvd.nist.gov/vuln/detail/CVE-2023-4168
- https://vuldb.com/?ctiid.236184
- https://vuldb.com/?id.236184
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-4168
cwe-id: CWE-200,NVD-CWE-noinfo
epss-score: 0.25059
epss-percentile: 0.96188
cpe: cpe:2.3:a:templatecookie:adlisting:2.14.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: templatecookie
product: adlisting
tags: cve,cve2023,adlisting,exposure
http:
- method: GET
path:
- "{{BaseURL}}/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword="
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains_all(body, "google_map_key", "api_key", "auth_domain")'
condition: and
# digest: 4a0a00473045022100b8dbf27aaaff5cc741abb41a7e05dbe53506d82f7bc999bf9833391706db40b702204ff4485812de0d9afd90acf8a092a7628bf87553a863ad151179849f1daea767:922c64590222798bb761d5b6d8e72950