PrestaShop e-commerce platform found with a zero-day vulnerability

July 26, 2022
PrestaShop Ecommerce Platform Zero Day Vulnerability Exploit SQL Injection RCE

Threat actors abused a zero-day vulnerability to perform remote code execution against online shops that use the PrestaShop platform, aiming to steal people’s payment information. After learning about the incident, the e-commerce platform’s team immediately warned about 300,000 online shops that use their service.

With the zero-day flaw tracked as CVE-2022-36408, it first targets a module or an older PrestaShop e-commerce platform version vulnerable to SQL injection abuse. As of now, the security team of the platform has yet to identify the source of the flaw, but they suspect that another third-party component could have caused it.

 

From a statement, PrestaShop explained that the attackers must have been targeting online shops that run outdated software versions or modules, making them vulnerable to zero-day flaws.

 

Researchers said the threat actors first send a POST request to a vulnerable endpoint target. A parameter-less GET request will then be sent to the shop’s homepage, creating a BLM[.]PHP file at the root directory. It is believed that the created PHP file is the web shell that makes way for the attackers to launch remote code commands.

The threat actors inject the web shell to display a fake payment form on the targeted online shop’s order checkout pages to steal customers’ banking details. Once their objective is completed, the threat actors will wipe out their tracks to prevent the website owner from detecting their presence.

Although some attackers fail to completely erase their evidence tracks inside the site’s web server, allowing the owners to spot traces and entries for unauthorised access logs, implying a compromise. Other signs of suspicious access include file modifications to hide injected malicious codes and MySQL Smarty cache storage activation.

Online shops must update their software and modules to the latest versions to protect their environment from potential hacks. It is also advised to implement the security update provided by PrestaShop in version 1.7.8.7.

The security fix will help fortify the MySQL Smarty cache storage of the websites from dangerous code injection attacks. However, the e-commerce platform’s team stressed that the security update would not remediate the problem for websites that have already been compromised.

About the author

Leave a Reply