Hackers are exploiting a vulnerability in pkfacebook, a premium Facebook module for PrestaShop, to deploy a card skimmer on vulnerable e-commerce sites and steal customers' payment card details.
Promokit's pkfacebook add-on lets shop visitors log in with their Facebook accounts, leave comments on the shop's pages, and chat with support agents through Messenger.
Promokit has over 12,500 sales on the Envato marketplace, but pkfacebook itself is sold only through the vendor's website, so no sales figures for the module are available.
The module contains a critical vulnerability that lets attackers perform SQL injection. Tracked as CVE-2024-36680, the flaw is an SQL injection in pkfacebook's facebookConnect.php Ajax script that remote attackers can trigger with crafted HTTP requests.
Researchers identified the flaw in March, but Promokit.eu claimed it had already been fixed without providing any evidence. Earlier this week, Friends-of-Presta published a proof-of-concept exploit for CVE-2024-36680 and warned that the bug is being actively exploited in the wild.
Because the developers have not shared the latest release with Friends-of-Presta, it could not be verified whether the flaw was actually addressed. Friends-of-Presta therefore advises treating all versions as potentially affected and recommends the following mitigations.
First, upgrade to the latest pkfacebook version, which disables multi-query execution; note that this stops stacked-query payloads but does not protect against injection that uses the UNION clause. Second, make sure pSQL() is applied to string input: it escapes the value for the query and, because it calls strip_tags() by default, also reduces the risk of stored XSS.
Third, change the default database table prefix "ps_" to a longer, arbitrary one. This raises the bar for automated attacks but will not stop a skilled attacker. Finally, enable the OWASP Core Rule Set 942 (SQL injection) rules on the web application firewall (WAF).
Attackers watch closely for SQL injection flaws in e-commerce platforms because such bugs can be used to gain admin-level privileges, read or modify site data, extract database contents, and rewrite SMTP settings to hijack the store's email.
A couple of years ago, PrestaShop issued an urgent warning and a hotfix for attacks that chained SQL injection in vulnerable modules into code execution on targeted sites. This new campaign shows that threat actors continue to see the platform as a viable target.