v1.6-v1.7-v8x Urgent Security vulnerability for those ho installed "Super checkout module" all versions

C

Coolt

Well-known member
Diamond
Elite
XNullUser
Joined
Dec 20, 2021
Messages
329
Reaction score
276
Points
63
NullCash
2,934
Be crefull there is a hacker ho try to hack the "super checkout module" through vulnerabilities with php:

1- Try to check your logs, you must retrieve a user agent called "python"
2- Check your module files through ftp

- Files/path witch he try to access:

?fc=module&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField

and

/modules/supercheckout/views/img/upload/1709889405_2024x2024x_xsamxadoo.php.php


=> Examine any file that you are unsure of, and look for code changes to existing files, especially php files.
 
N

noti_italy

Well-known member
Master
Diamond
Elite
XNullUser
Joined
Jan 15, 2022
Messages
580
Reaction score
961
Points
93
NullCash
2,220
thank you for the warning

all modules you install that have upload permission functions
always analyze these functions
There are always open holes for hackers to exploit

Get to know prestashop well and configure the server to be the first blocking front

Always have fal2ban installed and with rules to analyze and ban suspicious traffic

Always have modsecurity installed with rules to block this type of suspicion

I'm in favor of blocking unwanted countries by geoip using modsecutity

certain prestashop features should only be active for logged in customers

and thank god prestashop is not wordpress
Post automatically merged:

look this
109.207.172.138 - - [08/Mar/2024:09:01:43 +0100] "POST /en//index.php?fc=module&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField HTTP/1.0" 403 199 "-" "python-requests/2.27.1"
 
H

hxcode

Well-known member
Master
Diamond
Elite
Joined
Aug 16, 2020
Messages
3,535
Reaction score
417
Points
83
NullCash
18
Thank you for your reminder. Website security cannot be ignored.
 
R

rol5

Member
XNullUser
Joined
Mar 17, 2022
Messages
193
Reaction score
0
Points
16
NullCash
3
Thank you for your reminder. Website security cannot be ignored.
This is a really big problem.
 
V

vivozivo

Well-known member
Master
Diamond
Elite
Joined
Sep 24, 2019
Messages
1,224
Reaction score
601
Points
113
NullCash
6
Of course you need to be carefull with all modules downloaded from this forum, but be carefull also with modules downloaded from official Prestashop addons. Check all modules with antimalware and anti virus, and this is not enough, use always active protections on the host and site.

Reason why will someone attack Prestashop installation is always "stealing traffic", they can quicly monetise traffic, even two days is enough for them if the shop have high traffic. They will just redirect visitors (all your traffic) to different location. Sometimes they just want to send spam mail messages (fishing).

I only once downloaded content from this forum "infected" with malware, and reported imidiately this post, and "infected" post was removed the same day.
 
Last edited:
A

amitecosini

Member
XNullUser
Joined
Oct 11, 2023
Messages
227
Reaction score
9
Points
18
Location
US
NullCash
5
i think normal people was not think this issue or problem ,maybe you need to pay for fixed it
 
javialbox

javialbox

Well-known member
Master
Diamond
Elite
Joined
May 23, 2020
Messages
466
Reaction score
1,729
Points
93
NullCash
155
Coolt said:
Be crefull there is a hacker ho try to hack the "super checkout module" through vulnerabilities with php:

1- Try to check your logs, you must retrieve a user agent called "python"
2- Check your module files through ftp

- Files/path witch he try to access:

?fc=module&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField

and

/modules/supercheckout/views/img/upload/1709889405_2024x2024x_xsamxadoo.php.php


=> Examine any file that you are unsure of, and look for code changes to existing files, especially php files.
Click to expand...
Thanks for your information. You reported it to the module developers, right? To check the possible holes...This module has always had serious problems.
 
C

cmrcmr

Well-known member
Master
Diamond
Elite
XNullUser
Joined
Sep 6, 2019
Messages
1,007
Reaction score
1,134
Points
113
NullCash
6,062
Gracias por comentar esta vulnerabilidad :)
 
S

slavi_946

Active member
XNullUser
Joined
Dec 1, 2020
Messages
857
Reaction score
29
Points
28
NullCash
10
Can you please specify exactly what should we do for soemone who has no coding skills and knowledge?
 
deltas

deltas

Well-known member
Master
Diamond
Elite
Joined
Jan 13, 2020
Messages
786
Reaction score
651
Points
93
NullCash
1,396
Thanks for warning, good to know. Gonna check asap
 
ernestg

ernestg

Member
XNullUser
Joined
May 29, 2019
Messages
504
Reaction score
0
Points
16
NullCash
5
thank you the the headsup and warning Prestashop shopowners ;-)
 
unique

unique

Well-known member
Diamond
Elite
XNullUser
Joined
Dec 12, 2020
Messages
2,390
Reaction score
457
Points
83
NullCash
787
thank you the the headsup and warning Prestashop shopowners ;-)
 
E

eskatemp

Member
XNullUser
Joined
May 12, 2020
Messages
167
Reaction score
1
Points
18
NullCash
3
Thank you for reporting this. It is very important to download safety module :)
 
You must log in or register to reply here.
Top