designguy79 Posted August 23, 2011 Share Posted August 23, 2011 Hello, I am a new user to PrestaShop, and someone was able to inject some code into footer.tpl of a client's site this afternoon! Not cool at all. Basically it was loading an iframe via javascript to http://clickmelo.fileave.com I found a thread in the French forum that may be related, but I don't speak French. :-/ http://www.prestashop.com/forums/topic/125819-bug-affichage/page__p__613910__hl__fileave__fromsearch__1#entry613910 I upgraded to 1.4.4, and reset my FTP and MySQL passwords and will keep a very, very close on eye it to see if any other files change. Thanks in advance, Jeremy Link to comment Share on other sites More sharing options...
Mike Kranzler Posted August 23, 2011 Share Posted August 23, 2011 Hello, I am a new user to PrestaShop, and someone was able to inject some code into footer.tpl of a client's site this afternoon! Not cool at all. Basically it was loading an iframe via javascript to http://clickmelo.fileave.com I found a thread in the French forum that may be related, but I don't speak French. :-/ http://www.prestashop.com/forums/topic/125819-bug-affichage/page__p__613910__hl__fileave__fromsearch__1#entry613910 I upgraded to 1.4.4, and reset my FTP and MySQL passwords and will keep a very, very close on eye it to see if any other files change. Thanks in advance, Jeremy Hi Jeremy, You can find the discussion on this topic here: http://www.prestashop.com/forums/topic/125798-footertpl-vulnerability/ I am going to close this topic so that we can keep everyone monitoring this updated all in one place. Link to comment Share on other sites More sharing options...
.png.022b5452a8f28f552bc9430097a16da2.png)
Recommended Posts