CVE-2023-28447 PoC: Smarty Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
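Title: Smarty Cross-Site Scripting Vulnerability (CVE-2023-28447)
Description: Smarty is a PHP-based template engine that helps separate presentation (HTML/CSS) from application logic. Smarty versions before 4.3.1 and before 3.1.48 contain a cross-site scripting vulnerability caused by JavaScript code not being escaped properly. An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session.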
Description
Module for PrestaShop 1.7.X to fix CVE-2023-28447 vulnerability (Smarty XSS)
Readme
# LabelGrup Networks, official PrestaShop Partner

![LabelGrup Logo](logo.png)

Module for PrestaShop 1.7.X to fix CVE-2023-28447 vulnerability (Smarty JavaScript XSS)

For further information, check the following links: 
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-28447
- GitHub: https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj

**Instructions:**

 1. Download the latest release from this repository.
 2. Install the downloaded ZIP as a normal addon; this will replace/copy the needed files into your current PrestaShop.
 3. Be aware: If you remove the addon, your PrestaShop will be reverted to its original state, exposing the vulnerability again.

Visit our website:
https://www.labelgrup.com
File Snapshot

[4.0K] /data/pocs/fb529da0aee138b3e8ee11afc0b9b0dfae9299a9
├── [4.0K] backup
│   └── [ 533] index.php
├── [ 533] index.php
├── [5.9K] lblfixer_cve_2023_28447.php
├── [ 14K] logo.png
├── [4.0K] patches
│   ├── [ 533] index.php
│   ├── [ 378] modifiercompiler.escape.php.patch
│   └── [  69] modifier.escape.php.patch
└── [ 731] README.md

2 directories, 8 files