CVE-2018-13784 PoC — PrestaShop 加密问题漏洞

Source

https://github.com/ambionics/prestashop-exploits

Associated Vulnerability

Title:PrestaShop 加密问题漏洞 (CVE-2018-13784)
Description:PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop 1.6.1.20之前版本和1.7.3.4之前的1.7.x版本中存在安全漏洞，该漏洞源于在Cookie.php、Rinjdael.php和Blowfish.php文件中程序没有正确的处理cookie的加密。攻击者可利用该漏洞获取敏感信息。

Description

Collection of exploits/POC for PrestaShop cookie vulnerabilities (CVE-2018-13784)

Readme

# prestashop-exploits
Collection of exploits/POCs for PrestaShop cookie vulnerabilities (CVE-2018-13784)

Refer to https://ambionics.io/blog/prestashop-privilege-escalation for details.

File Snapshot


 [4.0K]  /data/pocs/f66c03c3ee7b7a99e55902048b9c2faef8d9e2fa
├── [4.0K]  prestashop_aes_cbc
│   └── [3.0K]  prestashop_cbc_read.py
├── [4.0K]  prestashop_blowfish_ecb
│   ├── [5.7K]  crc_xor.c
│   └── [ 33K]  exploit.py
└── [ 188]  README.md

2 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!