v1.6-v1.7-v8x Urgent Security vulnerability for those ho installed "Super checkout module" all versions

Coolt

Well-known member
Diamond
Elite
XNullUser
Joined
Dec 20, 2021
Messages
335
Reaction score
285
Points
63
NullCash
3,027
Be crefull there is a hacker ho try to hack the "super checkout module" through vulnerabilities with php:

1- Try to check your logs, you must retrieve a user agent called "python"
2- Check your module files through ftp

- Files/path witch he try to access:

?fc=module&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField

and

/modules/supercheckout/views/img/upload/1709889405_2024x2024x_xsamxadoo.php.php


=> Examine any file that you are unsure of, and look for code changes to existing files, especially php files.
 

noti_italy

Well-known member
Master
Diamond
Elite
XNullUser
Joined
Jan 15, 2022
Messages
585
Reaction score
969
Points
93
NullCash
2,165
thank you for the warning

all modules you install that have upload permission functions
always analyze these functions
There are always open holes for hackers to exploit

Get to know prestashop well and configure the server to be the first blocking front

Always have fal2ban installed and with rules to analyze and ban suspicious traffic

Always have modsecurity installed with rules to block this type of suspicion

I'm in favor of blocking unwanted countries by geoip using modsecutity

certain prestashop features should only be active for logged in customers

and thank god prestashop is not wordpress
Post automatically merged:

look this
109.207.172.138 - - [08/Mar/2024:09:01:43 +0100] "POST /en//index.php?fc=module&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField HTTP/1.0" 403 199 "-" "python-requests/2.27.1"
 

hxcode

Well-known member
Master
Diamond
Elite
Joined
Aug 16, 2020
Messages
3,561
Reaction score
429
Points
83
NullCash
84
Thank you for your reminder. Website security cannot be ignored.
 

rol5

Member
XNullUser
Joined
Mar 17, 2022
Messages
197
Reaction score
0
Points
16
NullCash
1
Thank you for your reminder. Website security cannot be ignored.
This is a really big problem.
 

vivozivo

Well-known member
Master
Diamond
Elite
Joined
Sep 24, 2019
Messages
1,252
Reaction score
618
Points
113
NullCash
19
Of course you need to be carefull with all modules downloaded from this forum, but be carefull also with modules downloaded from official Prestashop addons. Check all modules with antimalware and anti virus, and this is not enough, use always active protections on the host and site.

Reason why will someone attack Prestashop installation is always "stealing traffic", they can quicly monetise traffic, even two days is enough for them if the shop have high traffic. They will just redirect visitors (all your traffic) to different location. Sometimes they just want to send spam mail messages (fishing).

I only once downloaded content from this forum "infected" with malware, and reported imidiately this post, and "infected" post was removed the same day.
 
Last edited:

amitecosini

Member
XNullUser
Joined
Oct 11, 2023
Messages
244
Reaction score
10
Points
18
Location
US
NullCash
51
i think normal people was not think this issue or problem ,maybe you need to pay for fixed it
 

javialbox

Well-known member
Master
Diamond
Elite
Joined
May 23, 2020
Messages
466
Reaction score
1,731
Points
93
NullCash
44
Be crefull there is a hacker ho try to hack the "super checkout module" through vulnerabilities with php:

1- Try to check your logs, you must retrieve a user agent called "python"
2- Check your module files through ftp

- Files/path witch he try to access:

?fc=module&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField

and

/modules/supercheckout/views/img/upload/1709889405_2024x2024x_xsamxadoo.php.php


=> Examine any file that you are unsure of, and look for code changes to existing files, especially php files.
Thanks for your information. You reported it to the module developers, right? To check the possible holes...This module has always had serious problems.
 

cmrcmr

Well-known member
Master
Diamond
Elite
XNullUser
Joined
Sep 6, 2019
Messages
1,022
Reaction score
1,200
Points
113
NullCash
6,378
Gracias por comentar esta vulnerabilidad :)
 

slavi_946

Active member
XNullUser
Joined
Dec 1, 2020
Messages
867
Reaction score
29
Points
28
NullCash
35
Can you please specify exactly what should we do for soemone who has no coding skills and knowledge?
 

deltas

Well-known member
Master
Diamond
Elite
Joined
Jan 13, 2020
Messages
787
Reaction score
653
Points
93
NullCash
1,404
Thanks for warning, good to know. Gonna check asap
 

ernestg

Member
XNullUser
Joined
May 29, 2019
Messages
504
Reaction score
0
Points
16
NullCash
5
thank you the the headsup and warning Prestashop shopowners ;-)
 

unique

Well-known member
Diamond
Elite
XNullUser
Joined
Dec 12, 2020
Messages
2,496
Reaction score
465
Points
83
NullCash
862
thank you the the headsup and warning Prestashop shopowners ;-)
 

javialbox

Well-known member
Master
Diamond
Elite
Joined
May 23, 2020
Messages
466
Reaction score
1,731
Points
93
NullCash
44
Can you please specify exactly what should we do for soemone who has no coding skills and knowledge?
@Coolt Can you give some clues as to where the back door of this module is? Thank you
 

eskatemp

Member
XNullUser
Joined
May 12, 2020
Messages
167
Reaction score
1
Points
18
NullCash
3
Thank you for reporting this. It is very important to download safety module :)
 
Top