CVE-2023-4168
Published: 2023-08-05
Priority: P2 · 64 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 36.20% (98.3th percentile)
A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| templatecookie | adlisting | — | — |
Detection & IOCs (extracted from sources)
- HTTP GET request to /ad-list-search or /ad-list endpoints returning HTTP 200 with body containing all three strings: 'google_map_key', 'api_key', and 'auth_domain' simultaneously indicates successful information disclosure exploitation.
- Sensitive fields exposed in redirect/page response bodies to look for include: google_map_key, api_key, auth_domain, project_id, storage_bucket, messaging_sender_id, app_id, and measurement_id, all corresponding to Firebase Push Notification Configuration.
- The vulnerability is unauthenticated (PR:N, UI:N) and exploitable via a simple GET request with no special headers or authentication required.
- Monitor HTTP responses from /ad-list* paths for content-type text/html with status 200 containing Firebase/Google API credential field names, which should never appear in unauthenticated page responses.
- The vulnerability affects specifically version 2.14.0 of Templatecookie Adlisting; the CPE scope is narrow and detection should be scoped accordingly.
- The same leaked credentials (API keys, server keys, app ID) are also stored in the Firebase Push Notification Configuration in the Administration Panel at /push-notification, meaning a compromise of the page response also implies those admin-configured credentials are exposed.
- The EPSS score is extremely high (0.733, 98.8th percentile), indicating this vulnerability has a very high probability of being exploited in the wild and should be prioritized.
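The response-matching rule described in the list above can be run over captured proxy or WAF response records. The following is an added example, not a rule from any of the indexed sources; the record layout (`method`, `url`, `status`, `content_type`, `body`), the `review` tier for partial matches, and all sample data are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Indicator field names listed on this page (Firebase push-notification config).
REQUIRED = ("google_map_key", "api_key", "auth_domain")
EXTRA = ("project_id", "storage_bucket", "messaging_sender_id",
         "app_id", "measurement_id")

def classify(resp):
    """Return (verdict, matched_fields) for one captured HTTP response record."""
    path = urlsplit(resp["url"]).path
    ctype = resp.get("content_type", "").split(";")[0].strip().lower()
    # Scope follows the page: GET requests to /ad-list* paths only.
    if resp["method"] != "GET" or not path.startswith("/ad-list"):
        return "out-of-scope", []
    if resp["status"] != 200 or ctype != "text/html":
        return "no-match", []
    hits = [f for f in REQUIRED + EXTRA if f in resp["body"]]
    if all(f in hits for f in REQUIRED):
        return "disclosure", hits
    # Some field names but not the full triple: flag for manual review.
    return ("review", hits) if hits else ("no-match", [])

def scan(records):
    """Return (url, verdict, fields) for every record that needs attention."""
    findings = []
    for rec in records:
        verdict, hits = classify(rec)
        if verdict in ("disclosure", "review"):
            findings.append((rec["url"], verdict, hits))
    return findings

def _rec(url, body, status=200, ctype="text/html; charset=UTF-8"):
    return {"method": "GET", "url": url, "status": status,
            "content_type": ctype, "body": body}

# Constructed sample records (not real traffic); host and values are placeholders.
LEAK = ('<script>var cfg={"google_map_key":"PLACEHOLDER","api_key":"PLACEHOLDER",'
        '"auth_domain":"example.invalid","app_id":"PLACEHOLDER"};</script>')
SAMPLES = [
    _rec("https://shop.example.invalid/ad-list?page=2", LEAK),
    _rec("https://shop.example.invalid/ad-list-search?q=bike", "<html>results</html>"),
    _rec("https://shop.example.invalid/ad-list", '<script>{"api_key":"PLACEHOLDER"}</script>'),
    _rec("https://shop.example.invalid/about", LEAK),
]

if __name__ == "__main__":
    for url, verdict, fields in scan(SAMPLES):
        print(f"{verdict:10} {url} -> {', '.join(fields)}")
```

Any `disclosure` hit means the listed keys should be treated as exposed and rotated in the Firebase configuration, not only filtered from the response.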
CVSS provenance
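| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |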
No detection rules found.
Exploit-DB
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
exploitdb·2023-08-08·CVSS 4.3
CVE-2023-4168 [MEDIUM] Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
---
# Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
# Exploit Author: CraCkEr
# Date: 25/07/2023
# Vendor: Templatecookie
# Vendor Homepage: https://templatecookie.com/
# Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script
# Version: 2.14.0
# Tested on: Windows 10 Pro
# Impact: Sensitive Information Leakage
# CVE: CVE-2023-4168
## Description
Information disclosure issue in the redirect responses. When accessing any page on the website,
sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
## Steps to Reproduce:
When you visit any page on the website, like:
https://website/ad-list?catego
Nuclei
Adlisting Classified Ads 2.14.0 - Information Disclosure
nuclei·CVSS 7.5
CVE-2023-4168 [HIGH] Adlisting Classified Ads 2.14.0 - Information Disclosure
Information disclosure issue in the redirect responses. When accessing any page on the website, sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
Template:
```yaml
id: CVE-2023-4168

info:
  name: Adlisting Classified Ads 2.14.0 - Information Disclosure
  author: r3Y3r53
  severity: high
  description: |
    Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
  impact: |
    Unauthenticated attackers can access sensitive API keys, server keys, and app IDs exposed in redirect responses, potentially compromising integrated third-party services and th
```
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/174015/Adlisting-Classified-Ads-2.14.0-Information-Disclosure.html
- https://vuldb.com/?ctiid.236184
- https://vuldb.com/?id.236184
Published: 2023-08-05