Thursday 2 May 2013

[EN] PrestaShop 1.5.4.1 HTML Injection

This is a very nice e-commerce shop, but I think using this preg_match:

[Image: preg_match() in latest PrestaShop]

will not secure us from HTML Injection attacks.

See the screenshot below to understand where and how we can input HTML tags:

[Image: How to exploit PrestaShop via BurpSuite]

... and yes, this vulnerability exists in the admin part of the application. ;)

* UPDATE *

After a few minutes I got an idea of how to extend this HTML injection attack to XSS, and...
there is an XSS vulnerability :)

A screenshot of the attack is below, but the payload string will not be published until the vendor responds.

[Image: PrestaShop - Admin XSSed]


* UPDATE - 17.05.2013 *

OK, still no response from the vendor... :)

The proof-of-concept payload for injecting XSS into PrestaShop should be base64-encoded.
Here is a small example:

<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>

Tadam... ;]

Cheers o/
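
The following is an added example, not part of the original post and not PrestaShop's code. It runs the payload quoted above through a denylist-style preg_match, a strict allowlist, and output encoding, and decodes base64 data: URIs for review. The denylist pattern and all function names are hypothetical, because the real pattern is not reproduced on this page.

```php
<?php
// Added example; not PrestaShop code. All names and patterns are hypothetical.

// Payload string quoted in the post above.
$input = '<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>';

// Hypothetical denylist: rejects a few well-known XSS markers and nothing else.
function passes_denylist(string $value): bool
{
    return preg_match('/<\s*script|javascript:|on\w+\s*=/i', $value) !== 1;
}

// Allowlist: accept only the characters a plain-text field legitimately needs.
function passes_allowlist(string $value): bool
{
    return preg_match('/^[\p{L}\p{N} .,_\-]{1,128}$/u', $value) === 1;
}

// Output encoding for HTML body and quoted-attribute contexts.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Triage helper: decode the body of every base64 data: URI found in a value,
// so a reviewer can see what a stored field would actually load.
function decoded_data_uris(string $value): array
{
    preg_match_all('~data:[\w/+.\-]*;base64,([A-Za-z0-9+/=]+)~i', $value, $m);
    $out = [];
    foreach ($m[1] as $b64) {
        $decoded = base64_decode($b64, true); // strict mode: false on bad input
        if ($decoded !== false) {
            $out[] = $decoded;
        }
    }
    return $out;
}

echo 'denylist accepts input:  ', var_export(passes_denylist($input), true), PHP_EOL;
echo 'allowlist accepts input: ', var_export(passes_allowlist($input), true), PHP_EOL;
echo 'encoded for output:      ', html_out($input), PHP_EOL;
foreach (decoded_data_uris($input) as $body) {
    // Encode before printing so the decoded markup stays inert in a browser.
    echo 'data: URI decodes to:    ', html_out($body), PHP_EOL;
}
```

Encoding at output time is the control that holds regardless of which tags or URI schemes an input filter happens to know about.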

1 comment:

  1. Thanks pvahora ;)
    Enjoy. If you need any help, feel free to mail me.
