doigro Posted August 24, 2011 Share Posted August 24, 2011 Yesterday i've installed a new 1.44 PS. This is the following email i've intercepted as being sent by PS in background: Return-path: <XXXXXXXXXXXXXXXXXXX> Received: from nobody by XXXXXXXXXXX with local (Exim 4.69) (envelope-from <XXXXXXXXXXXXXXXXXXX>) id 1Qw6ys-0000RZ-AO; Wed, 24 Aug 2011 09:30:30 +0300 To: [email protected], [email protected] Subject: new shop X-PHP-Script: XXXX.XX/modules/her.php for XX.XX.XXX.XX Message-Id: <E1Qw6ys-0000RZ-AO@XXXXXXXXXXXXXXXXX> From: Nobody <nobody@XXXXXXXXXXXXXXXXXXXXX> Date: Wed, 24 Aug 2011 09:30:30 +0300 host:XXXX.XX ref:http://XXXXXXX/adminXX/ path:/home/XXXXX/public_html/modules/her.php ===== localhost XXXXXX_webmaste (here was the database user) XXXXXX (here was the database password) XXXXXXXX_pshop (here was the database name) ps_ o2aUEkXVRyIV1GIHSNDHRtUYxp0D1AkCpTFXNscEtSL8G6Iu8zrZ7t6J 1Y92pJG3 1.4.4.0 ===== XXXXXXXXXXXX:21a957076fd0e91e780e39fbeeb6cfe3 (email address) ===== Template writed:false ===== Shells: ../upload/b489c7b2dc1f5492d56a4678a8523a69.php ../download/b489c7b2dc1f5492d56a4678a8523a69.php ===== It seems all database data is being sent to [email protected], [email protected] addresses!! Link to comment Share on other sites More sharing options...
Carl Favre Posted August 24, 2011 Share Posted August 24, 2011 Hi Doigro, Thanks for your report. This problem has already been reported. You can see the main thread here : http://www.prestashop.com/forums/topic/125798-footertpl-vulnerability/ I am locking this one to gather all the feedback in one place. Link to comment Share on other sites More sharing options...
.png.022b5452a8f28f552bc9430097a16da2.png)
Recommended Posts