Vulners
Lucene search
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Vulnerability | 8 Aug 202300:00 | – | zdt |
 | CVE-2023-4168 | 5 Aug 202322:11 | – | circl |
 | Templatecookie Adlisting Information Disclosure Vulnerability | 5 Aug 202300:00 | – | cnnvd |
 | CVE-2023-4168 | 5 Aug 202317:31 | – | cve |
 | CVE-2023-4168 Templatecookie Adlisting Redirect ad-list information disclosure | 5 Aug 202317:31 | – | cvelist |
 | Adlisting Classified Ads 2.14.0 - Information Disclosure | 3 Jun 202606:04 | – | nuclei |
 | CVE-2023-4168 | 5 Aug 202318:15 | – | nvd |
 | Adlisting Classified Ads 2.14.0 Information Disclosure | 7 Aug 202300:00 | – | packetstorm |
 | Design/Logic Flaw | 5 Aug 202318:15 | – | prion |
 | PT-2023-28044 · Unknown · Templatecookie Adlisting | 5 Aug 202300:00 | – | ptsecurity |
10
# Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
# Exploit Author: CraCkEr
# Date: 25/07/2023
# Vendor: Templatecookie
# Vendor Homepage: https://templatecookie.com/
# Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script
# Version: 2.14.0
# Tested on: Windows 10 Pro
# Impact: Sensitive Information Leakage
# CVE: CVE-2023-4168
## Description
Information disclosure issue in the redirect responses, When accessing any page on the website,
Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
## Steps to Reproduce:
When you visit any page on the website, like:
https://website/ad-list?category=electronics
https://website/ad-list-search?page=2
https://website/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword=
in the body page response there's information leakage for
+---------------------+
google_map_key
api_key
auth_domain
project_id
storage_bucket
messaging_sender_id
app_id
measurement_id
+---------------------+
Note: The same information leaked, such as the API keys, server keys, and app ID, was added to the "Firebase Push Notification Configuration" in the Administration Panel.
Settings of "Firebase Push Notification Configuration" in the Administration Panel, on this Path:
https://website/push-notification (Login as Administrator)
[-] DoneData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Aug 2023 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.14.3 - 7.5
CVSS 24
CVSS 34.3
EPSS0.74653