CVE-2023-27640 PoC — PrestaShop 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-27640.yaml

Associated Vulnerability

Title:PrestaShop 路径遍历漏洞 (CVE-2023-27640)
Description:PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop tshirtecommerce 2.1.4及之前版本存在安全漏洞，该漏洞源于可以使用端点中的POST参数来请求tshirtecommerce/ajax.php?type=svg，攻击者利用该漏洞能够在系统上执行目录遍历并打开文件，而不受扩展名和路径的限制。

Description

The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.

File Snapshot


 id: CVE-2023-27640

info:
  name: PrestaShop tshirtecommerce - Directory Traversal
  author: MaStErC

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!