Hello everyone
Unfortunately, we see thousands of sites around the world - which have already been hacked due to outdated core and modules
Chinese and Russians steal banking data and any forms or clicks from your site...
Potential code targets:
User activity tracking:
- The code tracks changes in form fields (input, select) and buttons, as well as clicks on links.
- These actions are recorded in sessionStorage or sent to the server.
- Monitoring interactions with embedded iframes:
The code tries to track user actions even in iframe content.
- Sending collected data to the server:
- Interaction data is stored as parameters and sent via fetch to the softbylinux.com server
Yes, updating the kernel to Prestashop 8.2.1 and blog modules - helps to close all site vulnerabilities
or block completely on your servers: China, Iran, Venezuela, and you can also block the whole rusia country - there is nothing civilized there anymore
Details for those who want to understand:
security.friendsofpresta.org
www.securefeed.com
www.prestashop.com
www.prestashop.com
Unfortunately, we see thousands of sites around the world - which have already been hacked due to outdated core and modules
Chinese and Russians steal banking data and any forms or clicks from your site...
Potential code targets:
User activity tracking:
- The code tracks changes in form fields (input, select) and buttons, as well as clicks on links.
- These actions are recorded in sessionStorage or sent to the server.
- Monitoring interactions with embedded iframes:
The code tries to track user actions even in iframe content.
- Sending collected data to the server:
- Interaction data is stored as parameters and sent via fetch to the softbylinux.com server
Yes, updating the kernel to Prestashop 8.2.1 and blog modules - helps to close all site vulnerabilities
or block completely on your servers: China, Iran, Venezuela, and you can also block the whole rusia country - there is nothing civilized there anymore
Details for those who want to understand:
[CVE-2021-36748] Improper neutralization of SQL parameter in SimpleBlog module from Prestahome for PrestaShop
An SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.
security.friendsofpresta.org
LevelBlue - Open Threat Exchange
Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
otx.alienvault.com
SecureFeed - Your gateway to a safer web
Utilize the power of 100+ sources to vigilantly inspect IPs or URLs for signs of malicious activity.
www.securefeed.com
Inyección SQL tabla ps_configuration
Hola, esta mañana al entrar a mi tienda, he detectado que algo no estaba funcionado bien, revisando tablas me he dado cuenta que me habían cambiado el value del campo PS_SHOP_NAME de la tabla ps_configuration por una cadena de texto que conducía a un js de una web maliciosa. He revisado todos los...
www.prestashop.com
Piratage en cours sur mon site sous prestashop 1.6 ? Besoin d'aide svp
Bonjour, j'ai reçu une confirmation de commande et de paiement et sur chaque en-tête il y a un script qui apparait qui n'a rien à faire là (j'ai masqué le nom de mon site et j'ai mis le code en capture d'écran car sinon je suis bloqué sur le forum) Il est en version 1.6 : Quelqu'un aurait la gent...
www.prestashop.com