How the Facebook PrestaShop Module Facilitates Credit Card Theft – A Quick Look
In the ever-evolving landscape of cyber threats, a critical vulnerability has emerged, targeting e-commerce sites powered by PrestaShop. The exploit, which centers around a popular module called “Facebook” (pkfacebook) by Promokit.eu, poses a significant risk to both online retailers and their customers. Let’s delve into the details.
The Vulnerability in Facebook PrestaShop Module
The vulnerability, identified as CVE-2024-36680, resides within the facebookConnect.php script of the Facebook module. Cybercriminals can exploit this flaw by sending specially crafted HTTP requests, allowing them to inject malicious SQL code directly into the website’s database. The consequences are dire: unauthorized access to sensitive data, including customer information, payment details, and even administrative credentials.
How Attackers Exploit Facebook PrestaShop Module
Malicious actors are actively leveraging this vulnerability to deploy web skimmers—malicious scripts designed to steal credit card information during the checkout process. The implications are clear: financial fraud and identity theft loom large for unsuspecting customers.
Proof of Concept
A simple proof-of-concept (PoC) demonstrates the exploitability of CVE-2024-36680. Consider the following curl command:
curl -v "[^1^][1]";select(0x73656C65637420736C656570283432293B)INTO@a;prepare`b`from@a;execute`b`;--&email=test@test.fr
This command showcases how an attacker can forge a SQL injection to manipulate the database. The injected input closes the quoted value and appends further statements, so it depends on the database connection accepting multiple statements per query (which is why the multiquery mitigation below matters).
Mitigation Strategies
As responsible website owners, here are steps you can take to safeguard your e-commerce platform:
- Upgrade Immediately: Update to the latest version of the pkfacebook module. Bear in mind that this alone may not fully protect against all SQL injection attacks.
- Disable Multiquery Executions: Upgrading PrestaShop itself disables multiquery (multi-statement) execution, reducing the attack surface but not eliminating it entirely.
- Change Database Prefix: Consider changing the default database prefix to a longer, arbitrary one. This is an additional layer of security, though not foolproof.
- Activate WAF Rules: Enable the OWASP Core Rule Set 942 rule group (SQL injection) on your Web Application Firewall (WAF) to help guard against SQL injection attacks. Configure exclusions for legitimate traffic to avoid disrupting your website’s functionality.
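The PoC above and the WAF item in this list both turn on recognising the same request shape: a stacked statement that loads a hex-encoded query into a user variable, then prepares and executes it. The following detector is an added example (not code from the original post or from Promokit/PrestaShop) that scores access-log requests for those indicators and decodes any hex literal so an analyst can see the hidden statement. The log lines, the module path /modules/pkfacebook/ajax/facebookConnect.php and the id parameter are constructed assumptions; only the payload shape is taken from the page.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (not taken from the page): one benign
# request and one carrying the stacked-query / PREPARE-EXECUTE shape of the PoC.
# The module path and the "id" parameter are assumptions for illustration.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jun/2024:12:00:01 +0000] "GET /modules/pkfacebook/ajax/facebookConnect.php?email=alice%40example.com HTTP/1.1" 200 512
203.0.113.99 - - [10/Jun/2024:12:00:07 +0000] "GET /modules/pkfacebook/ajax/facebookConnect.php?id=1%22%3Bselect(0x73656C65637420736C656570283432293B)INTO%40a%3Bprepare%60b%60from%40a%3Bexecute%60b%60%3B--&email=test%40test.fr HTTP/1.1" 200 0
"""

# Common-log-format parser; only the fields needed for triage are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
HEX_LITERAL = re.compile(r"0x(?:[0-9a-fA-F]{2})+")

# Each indicator carries a weight; the PREPARE/EXECUTE pair is the strongest
# signal because it is how an attacker runs a query hidden in a hex literal.
INDICATORS = {
    "stacked_statement": (re.compile(r";\s*(select|insert|update|delete|prepare|execute|set)\b", re.I), 2),
    "prepare_execute": (re.compile(r"\bprepare\b.*\bexecute\b", re.I | re.S), 3),
    "user_variable": (re.compile(r"into\s*@\w+", re.I), 2),
    "hex_literal": (HEX_LITERAL, 1),
    "comment_tail": (re.compile(r"--\s*(&|$)"), 1),
}


def decode_hex_literals(text):
    """Return the ASCII form of every 0x... literal so the hidden statement is visible."""
    decoded = []
    for m in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(m.group(0)[2:])
        decoded.append(raw.decode("ascii", errors="replace"))
    return decoded


def analyze_request(target):
    """Score a request target (path?query) for stacked-query SQL injection indicators."""
    query = unquote_plus(urlsplit(target).query)  # decode %XX and '+' before matching
    hits = {name: weight for name, (rx, weight) in INDICATORS.items() if rx.search(query)}
    return {
        "score": sum(hits.values()),
        "indicators": sorted(hits),
        "decoded_hex": decode_hex_literals(query),
    }


def scan_log(log_text, threshold=4):
    """Return one finding per log line whose indicator score reaches the threshold."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        result = analyze_request(m.group("target"))
        if result["score"] >= threshold:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "path": urlsplit(m.group("target")).path,
                **result,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Running the script flags only the second line, with the hex literal decoded to the statement it carries (a time-based probe), while the benign request scores zero. The threshold of 4 means a single hex literal or a stray `--` in a query string is not enough on its own; tune the weights against your own traffic before wiring this into alerting or into a WAF exclusion review.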
Conclusion
In the battle against cyber threats, vigilance and proactive measures are our best allies. By addressing this vulnerability promptly, we can protect both our businesses and the trust of our valued customers. Stay secure, stay informed, and keep your e-commerce site shielded from harm.