What are the fixes for PrestaShop website vulnerabilities?

There are more and more loopholes in the PrestaShop website. The website system is an open source system used by many foreign trade websites. From the previous initial version 1.0 to the current version 1.7, it has gone through many upgrades, and people who use the system have also More and more, there are many domestic foreign trade companies using this system. PrestaShop has high scalability, many templates, free switching of multiple currencies, and supports credit card and Paypal payment, making it the first choice for foreign trade websites. Just in the past few days, it was revealed that PrestaShop has a remote code injection vulnerability. This vulnerability has a relatively small impact and is relatively harmful. It can upload a webshell to the root directory of the website.

On November 7, 2018, PrestaShop officially released the latest version and fixed the website’s vulnerabilities, including previously exposed file upload vulnerabilities and malicious deletion of picture folders. The vulnerability requires the background management rights of the website to be exploited.

The PrestaShop vulnerability discovered this time is a remote code injection vulnerability. The code generated by the vulnerability is as follows. The ajax_calls.php code in the filemanager file in the admin-dev directory in the background. This remote injection vulnerability is a background processing upload. It is caused by the function of the file. The getimagesize() function in the code is a function to obtain the image address. This function uses PHP deserialization. This deserialization has a function of remote calling, that is, there is remote code injection in this function. and execution, we construct a malicious injection code and submit it to the image code, and our code will be executed. Let's demonstrate it. First, set up a Linux server and set up the apache mysql database environment. Copy the PrestaShop code to the server and execute Installation and debugging can be turned on.

Let's try how to exploit this vulnerability. Call the dialog.php file in the filemanager folder under the admin-rename directory in the background. This page is to control the uploaded file. , when uploading images, action can be used to securely control the uploaded parameters. We can construct code execution, admin-rename/filemanager/execute.php?action=rename_folder, submit in the form of post, and send data to this file code. Using PHP's deserialization, you can automatically parse the code and achieve the effect of remote code injection execution.

PrestaShop website vulnerability repair and method

Upgrade the version of PrestaShop to the latest version, set the parsing function of php.ini to off, specifically phar.readonly=off, set it to off here, for the website The upload function strengthens security filtering, filters the insertion of illegal parameters, and provides functional annotations for the website's vulnerability code.

The above is the detailed content of What are the fixes for PrestaShop website vulnerabilities?. For more information, please follow other related articles on the PHP Chinese website!