
Prestashop Hacked? Find out Symptoms, Cause & Fixes

Prestashop is an open source e-commerce solution. It started as a school project, but the open source community soon picked it up. It uses PHP, with MySQL for database management. Because the code is open source, anyone can read it, and anyone can find bugs in it. Prestashop security has suffered major vulnerabilities this year. These range from Prestashop SQL injection to buggy cookie encryption, any of which can be the reason your Prestashop store got hacked. E-commerce security is of prime importance because a compromise translates directly into lost revenue. The ‘Prestashop hack’ is on the rise due to the widespread use of this e-commerce solution. Hence, users need to invest more time and money in Prestashop security.


Prestashop Hacked: Possible Outcomes of Prestashop Hack

Prestashop Hacked: Possible Causes of a Prestashop Hack?

1) Prestashop Hacked: Prestashop SQL injection

SQL injection is a common vulnerability in Prestashop. It is severe because it targets the database. It occurs when unsanitized input is passed into a query: the DBMS executes the query built from that input, which leads to the disclosure of sensitive information and, in some cases, even system takeover. Prestashop SQL injection was first reported in 2014. PrestaShop 1.6.0 and other versions were reported to be vulnerable. The problem was in the id_manufacturer parameter:

http://example.com/ajax/getSimilarManufacturer.php?id_manufacturer=3[SQL-injection]

In the request above, whatever follows id_manufacturer reaches the query unsanitized, so the attacker can read the database. This compromises Prestashop security. Furthermore, tools like Sqlmap and Sqlninja are used to automate exploitation.

Recently another Prestashop SQL injection was discovered. Prestashop (1.5.5.0 – 1.7.2.5) suffers from this vulnerability, which is tracked as CVE-2018-8824. It is caused by the module named Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro. So if you have this module installed, update it now!

GET: http://site/modules/bamegamenu/ajax_phpcode.php?code=p(Db::getInstance()->ExecuteS("show tables"));

The request above passes a query to the vulnerable parameter over AJAX and returns the tables present in the database. By simply replacing the show tables statement with a statement of choice, other database operations can be performed. So, the attacker can read sensitive tables, which reveal login credentials. At that point Prestashop security has been breached and the dashboard is open to the Prestashop hack!
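Both request shapes described in this section leave a recognisable trace in the web server's access log. The script below is an added example, not code from the article or from Prestashop; it assumes the Apache/nginx combined log format, and the log lines, IP addresses and parameter values are constructed.

```shell
#!/bin/sh
# Added example, not from the article: flag access-log lines that match the two
# request shapes shown above. Assumes the Apache/nginx "combined" log format.

# Constructed sample log (documentation IP ranges, placeholder parameter values).
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /ajax/getSimilarManufacturer.php?id_manufacturer=3 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET /ajax/getSimilarManufacturer.php?id_manufacturer=3%27 HTTP/1.1" 200 87
203.0.113.9 - - [01/Jan/2018:10:00:09 +0000] "GET /modules/bamegamenu/ajax_phpcode.php?code=CONSTRUCTED HTTP/1.1" 200 1024
192.0.2.10 - - [01/Jan/2018:10:00:12 +0000] "GET /index.php?id_product=5 HTTP/1.1" 200 2048
EOF
}

# Print "<reason> <client-ip> <request-target>" for every suspicious line in log $1.
scan_access_log() {
    awk -F'"' '
    {
        split($1, pre, " "); ip = pre[1]
        if (split($2, req, " ") < 2) next        # need METHOD and TARGET
        target = req[2]; path = target; query = ""
        i = index(target, "?")
        if (i > 0) { path = substr(target, 1, i - 1); query = substr(target, i + 1) }

        # id_manufacturer is a numeric key: anything but digits is worth a look.
        if (path ~ /\/getSimilarManufacturer\.php$/) {
            n = split(query, kv, "&")
            for (j = 1; j <= n; j++)
                if (kv[j] ~ /^id_manufacturer=/ && kv[j] !~ /^id_manufacturer=[0-9]+$/)
                    print "NON_NUMERIC_ID", ip, target
        }
        # The article shows this endpoint being driven through its code= parameter.
        if (path ~ /\/bamegamenu\/ajax_phpcode\.php$/ && (query ~ /^code=/ || query ~ /&code=/))
            print "PHPCODE_PARAM", ip, target
    }' "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
scan_access_log "$sample"
rm -f "$sample"
```

Point scan_access_log at the real access log of the shop; every hit gives the client address and the full request target for follow-up.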

2) Prestashop Hacked: Privilege Escalation

Privilege escalation is a serious Prestashop security issue. It occurs when a user with lower privileges obtains higher privileges. Privilege escalation in Prestashop was first reported in 2011. A recent one was discovered in 2018: Prestashop versions below 1.6.1.19 suffered from it, and the vulnerability is tracked as CVE-2018-13784. The fault lies in the buggy encryption of the user cookie. Prestashop uses Blowfish/ECB or AES encryption via openssl_encrypt(), so it is vulnerable to a padding oracle attack. This gives an attacker the ability to read and write the contents of a Prestashop cookie, and thus to access cookies not meant for them. This leads to privilege escalation. The attacker could thus:

  • Access any user session.
  • Steal sensitive info like credit card details etc.
  • Become the admin of the website and create havoc!

Cookies are issued in ./classes/Cookie.php. A script for exploiting this vulnerability has already been released on www.exploit-db.com, which has sped up Prestashop hacks around the world.

Prestashop Hacked? Drop us a message on the chat widget and we’d be happy to assist you with your Prestashop website. Secure your Prestashop website now.

3) Prestashop Hacked: Compatibility Issues

Compatibility issues arise quite often, for example while running Prestashop alongside a WordPress installation. WordPress automatically updates to the latest version, which in itself is a pretty sane practice. The bone of contention is a failed update, as the failed WordPress update process below shows.

[Image: failed WordPress update process]

From the image, everything looks fine, but it is not! WordPress just created a .txt copy of the file wp-config.php. Therefore, the sensitive info of the Prestashop database now sits in a text file on the server. There are scanners specially designed to look for such files, and the attacker can then conduct a Prestashop hack, all because of a faulty WordPress installation. Such compatibility issues arise in Prestashop security from time to time.
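To find such leftovers on your own server before a scanner does, you can search the web root for copies of configuration files that no longer end in .php. The script below is an added example, not code from the article; it goes beyond the wp-config.php case by also covering settings.inc.php and parameters.php (the PrestaShop 1.6 and 1.7 configuration files), and the sample tree and its secrets are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the article: find config-file copies left in the web root.
# A copy that does not end in .php is served as plain text instead of being executed.
# Base names are assumptions: wp-config.php is the article's case; settings.inc.php
# and parameters.php are the PrestaShop 1.6 / 1.7 configuration files.

# Print "CREDENTIALS <path>" or "COPY <path>" for each stray copy under web root $1.
find_config_copies() {
    find "$1" -type f \
        \( -name '*wp-config*' -o -name '*settings.inc*' -o -name '*parameters.php*' \) \
        ! -name '*.php' | sort | while IFS= read -r f; do
        # Database password keys used by WordPress and PrestaShop 1.6 / 1.7.
        if grep -Eq 'DB_PASSWORD|_DB_PASSWD_|database_password' "$f"; then
            echo "CREDENTIALS $f"
        else
            echo "COPY $f"
        fi
    done
}

# Constructed sample tree with placeholder secrets.
make_sample_webroot() {
    mkdir -p "$1/config"
    printf "<?php define('DB_PASSWORD', 'placeholder');\n" > "$1/wp-config.php"
    cp "$1/wp-config.php" "$1/wp-config.php.txt"      # what the failed update left
    printf "<?php define('_DB_PASSWD_', 'placeholder');\n" > "$1/config/settings.inc.php"
    : > "$1/config/settings.inc.php.bak"              # empty editor backup
    printf '<?php echo "shop";\n' > "$1/index.php"
}

# Demo run on the constructed tree.
root=$(mktemp -d)
make_sample_webroot "$root"
find_config_copies "$root"
rm -rf "$root"
```

Anything reported as CREDENTIALS should be removed from the web root and the database password it contains rotated.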

4) Prestashop Hacked: Remote Code Execution

This is the result of buggy code that allows an attacker to remotely run code on your machine. As a result, your server can be completely compromised. A remote code execution vulnerability was found in Prestashop this year itself. Tracked as CVE-2018-8823, it was found in the Responsive Mega Menu Pro module. Versions up to 1.0.32 are vulnerable. It was caused by an unknown function in the file modules/bamegamenu/ajax_phpcode.php, whose parameters can be tweaked to run code remotely. Moreover, no form of authentication is required to exploit it.

5) Prestashop Hacked: Weak Passwords and Directory Permissions

It is quite possible for a simple password like ‘admin’ to compromise a large firm. Default installations are often overlooked. Ensure no installation has a default password. Moreover, see that the root directory is not visible on the internet, as this could leak sensitive installation files.

6) Prestashop Hacked: Arbitrary File Upload

Sometimes proper checks and balances are not implemented, and Prestashop then allows specially crafted files to be uploaded. This is a serious issue as it could compromise the website: it can be used to install malware on the system. Moreover, there are Google dorks available to check for vulnerable files in bulk. For example:

inurl:"/modules/columnadverts2/"

or

inurl:"/modules/columnadverts/"

Simply by doing a Google search for these terms, one can find vulnerable Prestashop servers. Faulty coding is not always to blame; this could also be due to faulty permissions set by you.

7) Prestashop Hacked: XSS and Zero Day Exploits

Cross-Site Scripting (XSS) is one of the most common vulnerabilities. Successful exploitation of an XSS can lead to:

  • Compromising the admin account.
  • Accessing the admin cookie.
  • Planting malicious cookie-stealing code in the comments.
  • Downloading malware onto the user’s system.
  • Accessing sensitive files and info.

Apart from this, a zero-day exploit could have compromised your website. A zero-day exploit is basically an unreported vulnerability. As it is not reported, there is no patch available for it. The best solution is a Prestashop firewall like Astra to delay or prevent the attack.

Prestashop Hacked: Japanese & Pharma Keyword Hack (SEO Spam)

This is a blackhat SEO technique in which the search engine results of your website are hacked. Search engine bots like Google or Bing will crawl your website as if it were in Japanese or related to pharma. Some people confuse Japanese SEO spam with Chinese characters. You can detect this hack by typing the following queries in Google:

Site:example.com or Site:example.com japan or Site:example.com viagra

Here are screenshots of how Japanese SEO spam and pharma spam look:

[Image: Japanese keyword hack (Japanese SEO spam in Prestashop)]
[Image: Pharma hack (Viagra results in Prestashop)]

You can check our detailed guide on how to fix Japanese SEO spam and Pharma Hack in Prestashop.


Cleanup After Prestashop Is Hacked

1) Prestashop Security: Block Access

If your Prestashop got hacked, first block access to sensitive folders. This can be done by creating a .htaccess file inside them. In that file write:

Order Deny,Allow
Deny from all
Allow from 22.33.44.55

This piece of code denies access to the folder for everyone. The last line then specifies which IP to allow; you can also add a range of IPs. You might want to look at modified .htaccess files too. Clean them first in case of a Prestashop hack.

2) Prestashop Security: Check Permission

Secondly, ensure that files and directories have the correct permissions: 755 (rwxr-xr-x) for directories and 644 (rw-r--r--) for files. Ensure they are set correctly to prevent misuse of file access.
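After a compromise it is worth recording which entries deviate from these modes before resetting them, because changed permissions show where the attacker has been. The script below is an added example, not code from the article; the labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: report deviations from 755/644 first,
# then reset them, so that what was changed is recorded before it is overwritten.

# Print "<label> <path>" for every entry under $1 that deviates from 755 / 644.
audit_perms() {
    {
        find "$1" \( -type d -o -type f \) -perm -0002 -exec echo WORLD_WRITABLE {} \;
        find "$1" -type d ! -perm 755 ! -perm -0002 -exec echo DIR_NOT_755 {} \;
        find "$1" -type f ! -perm 644 ! -perm -0002 -exec echo FILE_NOT_644 {} \;
    } | sort
}

# Reset everything under $1 to the modes given in the article.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree with three deviations.
make_sample_tree() {
    mkdir -p "$1/upload" "$1/modules"
    : > "$1/index.php"; : > "$1/modules/mod.php"; : > "$1/upload/img.php"
    chmod 755 "$1" "$1/modules"; chmod 644 "$1/index.php"
    chmod 777 "$1/upload"            # world-writable directory
    chmod 755 "$1/modules/mod.php"   # PHP file with the execute bit set
    chmod 666 "$1/upload/img.php"    # world-writable file
}

# Demo run: audit, then fix.
tree=$(mktemp -d)
make_sample_tree "$tree"
audit_perms "$tree"
fix_perms "$tree"
rm -rf "$tree"
```

Save the output of audit_perms with the rest of the incident notes before running fix_perms.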

3) Prestashop Security: Rogue Modules

We have seen cases in which Prestashop got hacked because of vulnerable plugins. Look out for buggy or outdated modules. Update or replace them. There are always alternate options available.

4) Prestashop Security: Encryption

Encrypt login values in admin tables. This can act as a second barrier in case the database is compromised. Also, use a separate database for other web applications installed on the same server.

5) Prestashop Security: Passwords

Use strong FTP and login credentials. Do not use commonly used words or phrases!

6) Prestashop Security: Obfuscated Code

Hackers try to hide their code by encoding it so that it is not readable to human eyes. So, you probably want to look out for code hidden in base64 format. Doing this manually is like finding a needle in a haystack, but a simple command can do the trick.

find . -name "*.php" -exec grep "base64" '{}' \; -print &> weirdcode.txt

This command looks for PHP files that mention base64 and saves the matching lines, each group followed by the name of the file it came from, inside weirdcode.txt. From there, analyze what’s wrong. You probably want to look out for redirecting domains like:

<li><a href="weird-domain.com">Something1</a></li>

Look in the file weirdcode.txt for some fishy domains.
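A plain search for base64 also matches legitimate code, so it helps to rank the hits before reading them. The script below is an added example, not code from the article; its three patterns are assumptions about common obfuscation rather than a complete signature set, and the sample files are constructed and harmless.

```shell
#!/bin/sh
# Added example, not from the article: rank PHP files by how suspicious their
# use of encoding is. Patterns are assumptions, not a complete signature set.

# Print "<label> <path>" for each PHP file under $1 that deserves a manual look.
triage_php() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        if grep -Eiq '(eval|assert|create_function)[[:space:]]*\([^;]*(base64_decode|gzinflate|str_rot13)' "$f"; then
            echo "EXEC_OF_DECODED $f"       # decoded data is executed: review first
        elif grep -Eq '[A-Za-z0-9+/]{200,}={0,2}' "$f"; then
            echo "LONG_BASE64_LITERAL $f"   # large encoded blob embedded in source
        elif grep -q 'base64_decode' "$f"; then
            echo "DECODE_ONLY $f"           # often legitimate: review last
        fi
    done
}

# Constructed sample files.
make_sample_php() {
    printf '<?php echo "hello";\n' > "$1/clean.php"
    printf '<?php $file = base64_decode($row["file"]);\n' > "$1/mailer.php"
    # The literal decodes to: echo "constructed";
    printf '<?php eval(base64_decode("ZWNobyAiY29uc3RydWN0ZWQiOw=="));\n' > "$1/footer.php"
    # 240 characters of base64 ("ABC" repeated) standing in for an embedded blob.
    printf '<?php $d = "%s";\n' "$(awk 'BEGIN { for (i = 0; i < 60; i++) printf "QUJD" }')" > "$1/blob.php"
}

# Demo run on the constructed files.
dir=$(mktemp -d)
make_sample_php "$dir"
triage_php "$dir"
rm -rf "$dir"
```

Compare every flagged file against a fresh copy of the same Prestashop or module version before deciding whether it is malicious.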

7) Prestashop Security: Update and Backup

Backup all your files if you haven’t. Update them regularly. Install a fresh installation from the official sites. Stay updated about recent patches. Official blogs are the best for this purpose.


8) Prestashop Security: Prestashop Firewall

To avoid a Prestashop hack in the future, use a firewall. A firewall basically keeps unauthorized users out of your system. There are pretty cool firewalls available in the market. Some are free; others can cost you a cup of coffee. You can also use a plugin for this purpose.

Conclusion

A Prestashop hack can lead to total destruction of your business. E-commerce security is a sensitive issue. Cleaning up the mess created by a Prestashop hack is a mammoth task. Therefore prevention is better than cure. So, use a WAF or security solution to keep the hackers at bay. Also, update your installations regularly and keep checking for suspicious activity. Remember you are as strong as your weakest link!


About The Author

A computer nerd. Loves working with Sqlmap and BeEF (the software) ;) Has experience in wireless pen tests. Owns a chatbot on Pandorabots named Mark1. In free time he can be found saving some goals.
