Prestashop Installer Exposure

By kannthu

High
Vidoc Module
#misconfig #prestashop #exposure #install
Description

What is the "Prestashop Installer Exposure"?

The "Prestashop Installer Exposure" module detects a specific misconfiguration in PrestaShop installations: an installer that is still reachable over HTTP. PrestaShop is an open-source e-commerce platform used by many online stores.

This module has a high severity level, indicating that it can potentially expose sensitive information or lead to unauthorized access if the misconfiguration is present.

Impact

If the misconfiguration detected by this module is present, it could allow attackers to gain unauthorized access to the PrestaShop installation process. This can lead to potential data breaches, compromise of customer information, and unauthorized modifications to the online store.

How does the module work?

The "Prestashop Installer Exposure" module works by sending a GET request to the "/install/index.php" path of the target PrestaShop installation. It then applies a set of matching conditions to determine if the misconfiguration is present.

The matching conditions include:

- Checking if the response body contains specific HTML elements such as "<title>PrestaShop Installation Assistant...", "- System configuration ", and "- Store installation ".
- Verifying that the response header contains the "text/html" content type.
- Ensuring that the response status code is 200 (OK).

If all the matching conditions are met, the module reports the vulnerability, indicating the presence of the misconfiguration in the PrestaShop installation.

For example, the module would send a GET request to "/install/index.php" and expect a response with a status code of 200, a content type of "text/html", and the presence of specific HTML elements in the response body.

It is important to address any detected misconfigurations promptly to ensure the security and integrity of the PrestaShop installation.
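The matching conditions described above, written as a check for auditing a store you operate. This is an added example, not Vidoc's module code; the body strings are the visible prefixes of the truncated matchers on this page, and requiring all of them is an assumption, as are the function names and sample responses.

```python
"""Added example: the module's three matching conditions as an offline-testable check."""
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

INSTALL_PATH = "/install/index.php"  # path given in the module's request template
# Visible prefixes of the matcher strings; the page truncates the originals,
# so the exact strings (and requiring all of them) are assumptions.
BODY_WORDS = (
    "<title>PrestaShop Installation Assistant",
    "System configuration",
    "Store installation",
)


def installer_exposed(status, content_type, body):
    """Return True only if the status, header and body conditions all hold."""
    if status != 200:
        return False
    if "text/html" not in (content_type or "").lower():
        return False
    return all(word in body for word in BODY_WORDS)


def check_store(base_url, timeout=10):
    """Fetch the installer path from a store you operate and apply the matchers."""
    req = Request(base_url.rstrip("/") + INSTALL_PATH, method="GET")
    try:
        with urlopen(req, timeout=timeout) as resp:
            body = resp.read(262144).decode("utf-8", errors="replace")
            return installer_exposed(resp.status, resp.headers.get("Content-Type"), body)
    except (HTTPError, URLError, OSError):
        # 403/404 or a connection failure: the installer is not being served.
        return False


# Constructed sample responses (not captured from a real store).
SAMPLE_EXPOSED = (
    "<html><head><title>PrestaShop Installation Assistant</title></head>"
    "<body><ul><li>System configuration</li><li>Store installation</li></ul></body></html>"
)
SAMPLE_REMOVED = "<html><head><title>404 Not Found</title></head><body></body></html>"

if __name__ == "__main__":
    print(installer_exposed(200, "text/html; charset=utf-8", SAMPLE_EXPOSED))
    print(installer_exposed(404, "text/html", SAMPLE_REMOVED))
```

A True result from check_store means the install directory is still being served and should be removed or blocked at the web server.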

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /install/index.php
Matching conditions
word: <title>PrestaShop Installation Assistant... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability