By kannthu
The "Prestashop Installer Exposure" module is designed to detect a specific misconfiguration in PrestaShop installations. PrestaShop is an open-source e-commerce platform used by many online stores. This module focuses on identifying vulnerabilities related to the PrestaShop installation process.
This module has a high severity level, indicating that it can potentially expose sensitive information or lead to unauthorized access if the misconfiguration is present.
If the misconfiguration detected by this module is present, it could allow attackers to gain unauthorized access to the PrestaShop installation process. This can lead to potential data breaches, compromise of customer information, and unauthorized modifications to the online store.
The "Prestashop Installer Exposure" module works by sending a GET request to the "/install/index.php" path of the target PrestaShop installation. It then applies a set of matching conditions to determine if the misconfiguration is present.
The matching conditions include:
- Checking if the response body contains specific HTML elements such as "", "- System configuration ", and "- Store installation ".
- Verifying that the response header contains the "text/html" content type.
- Ensuring that the response status code is 200 (OK).

If all the matching conditions are met, the module reports the vulnerability, indicating the presence of the misconfiguration in the PrestaShop installation.
For example, the module would send a GET request to "/install/index.php" and expect a response with a status code of 200, a content type of "text/html", and the presence of specific HTML elements in the response body.
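The matching logic described above, written as an added example (not Vidoc's module code), evaluates already-captured responses and shows why all three conditions must hold together. `Response`, `match_details` and `installer_exposed` are hypothetical names, the sample responses are constructed, and only the two body markers legible on this page are checked.

```python
from dataclasses import dataclass, field

# Only the two body markers legible on the page are used; the first marker is
# blank there and is deliberately left out. Surrounding markup is not assumed.
BODY_MARKERS = ("System configuration", "Store installation")


@dataclass
class Response:
    """Minimal stand-in for a captured HTTP response (hypothetical type)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def match_details(resp: Response) -> dict:
    """Evaluate each matching condition separately so a miss can be explained."""
    # Header names are case-insensitive; the value may carry a charset suffix.
    ctype = next((v for k, v in resp.headers.items()
                  if k.lower() == "content-type"), "")
    return {
        "status_200": resp.status == 200,
        "html_content_type": "text/html" in ctype.lower(),
        "body_markers": all(m in resp.body for m in BODY_MARKERS),
    }


def installer_exposed(resp: Response) -> bool:
    """Report only when every condition holds (AND semantics, as described)."""
    return all(match_details(resp).values())


# Constructed sample responses, not captured from any real site.
SAMPLES = {
    "installer": Response(200, {"Content-Type": "text/html; charset=utf-8"},
                          "<ul><li>System configuration</li>"
                          "<li>Store installation</li></ul>"),
    "soft_404": Response(200, {"content-type": "text/html"},
                         "<h1>Page not found</h1>"),
    "redirect": Response(302, {"Location": "/"}, ""),
    "json_api": Response(200, {"Content-Type": "application/json"},
                         '{"steps": ["System configuration", "Store installation"]}'),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:10} exposed={installer_exposed(resp)} {match_details(resp)}")
```

The soft-404 and JSON samples each satisfy some conditions but not all, which is the false-positive case the combined check is there to rule out.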
It is important to address any detected misconfigurations promptly to ensure the security and integrity of the PrestaShop installation.