v1.6-v1.7-v8x Urgent Security vulnerability for those who installed "Super checkout module" all versions

Coolt

Be careful, there is a hacker who tries to hack the "super checkout module" through vulnerabilities with php:

1- Try to check your logs, you must retrieve a user agent called "python"
2- Check your module files through ftp

- Files/paths which he tries to access:

?fc=module&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField

and

/modules/supercheckout/views/img/upload/1709889405_2024x2024x_xsamxadoo.php.php


=> Examine any file that you are unsure of, and look for code changes to existing files, especially php files.
 

noti_italy

thank you for the warning

all modules you install that have upload permission functions
always analyze these functions
There are always open holes for hackers to exploit

Get to know prestashop well and configure the server to be the first blocking front

Always have fail2ban installed and with rules to analyze and ban suspicious traffic

Always have modsecurity installed with rules to block this type of suspicion

I'm in favor of blocking unwanted countries by geoip using modsecurity

certain prestashop features should only be active for logged in customers

and thank god prestashop is not wordpress

look at this
109.207.172.138 - - [08/Mar/2024:09:01:43 +0100] "POST /en//index.php?fc=module&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField HTTP/1.0" 403 199 "-" "python-requests/2.27.1"
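
The two checks from the first post (look through the access log, then inspect the module's upload folder), as an added example that is not part of the thread. It assumes the combined log format of the line quoted above; the second and third sample lines, the `.php`/`.phtml`/`.phar` extension list and all function names are constructed for illustration.

```python
import os
import re
from urllib.parse import urlsplit, parse_qs

# Assumed layout: combined log format, as in the line quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')
UPLOAD_DIR = "/modules/supercheckout/views/img/upload/"
# Assumption: extensions a PHP-enabled server may execute, anywhere in the name.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)

SAMPLE_LOG = [  # first line is from the thread; the other two are constructed
    '109.207.172.138 - - [08/Mar/2024:09:01:43 +0100] "POST /en//index.php?fc=module'
    '&module=supercheckout&controller=supercheckout&ajax=1&method=SaveFilesCustomField'
    ' HTTP/1.0" 403 199 "-" "python-requests/2.27.1"',
    '203.0.113.7 - - [08/Mar/2024:09:02:10 +0100] "GET ' + UPLOAD_DIR +
    '1700000000_example.php.php HTTP/1.1" 200 512 "-" "python-requests/2.27.1"',
    '198.51.100.4 - - [08/Mar/2024:09:03:00 +0100] "GET /en/cart HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def scan_access_log(lines):
    """Return one record per request that matches the thread's indicators."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        reasons = []
        if (query.get("module") == ["supercheckout"]
                and query.get("method") == ["SaveFilesCustomField"]):
            reasons.append("upload-endpoint")
        if UPLOAD_DIR in url.path and SCRIPT_EXT.search(url.path):
            reasons.append("script-in-upload-dir")
        if reasons:
            hits.append({"ip": m["ip"], "time": m["time"], "reasons": reasons,
                         "status": int(m["status"]),  # 403 = blocked, 200 = served
                         "python_agent": "python" in m["agent"].lower()})
    return hits

def find_script_uploads(upload_root):
    """List files under the upload folder whose name carries a script extension."""
    return sorted(os.path.join(folder, n)
                  for folder, _dirs, names in os.walk(upload_root)
                  for n in names if SCRIPT_EXT.search(n))

if __name__ == "__main__":
    print(*scan_access_log(SAMPLE_LOG), sep="\n")
```

A 200 status on either indicator, unlike the 403 in the quoted line, means the request was served, so the files in the upload folder deserve a closer look.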
 

hxcode

Thank you for your reminder. Website security cannot be ignored.
 

rol5

Thank you for your reminder. Website security cannot be ignored.
This is a really big problem.
 

vivozivo

Of course you need to be careful with all modules downloaded from this forum, but be careful also with modules downloaded from official Prestashop addons. Check all modules with antimalware and antivirus, and this is not enough; always use active protections on the host and site.

The reason why someone will attack a Prestashop installation is always "stealing traffic"; they can quickly monetise traffic, even two days is enough for them if the shop has high traffic. They will just redirect visitors (all your traffic) to a different location. Sometimes they just want to send spam mail messages (phishing).

I only once downloaded content from this forum "infected" with malware, and immediately reported the post, and the "infected" post was removed the same day.
 

amitecosini

I think normal people did not think about this issue or problem; maybe you need to pay to get it fixed
 

BjpB

Thanks for your information. You reported it to the module developers, right? To check the possible holes... This module has always had serious problems.
 

cmrcmr

Thanks for mentioning this vulnerability :)
 

slavi_946

Can you please specify exactly what we should do, for someone who has no coding skills and knowledge?
 

deltas

Thanks for warning, good to know. Gonna check asap
 

ernestg

thank you for the heads-up and warning Prestashop shop owners ;-)
 

unique

thank you for the heads-up and warning Prestashop shop owners ;-)
 

BjpB

@Coolt Can you give some clues as to where the back door of this module is? Thank you
 

eskatemp

Thank you for reporting this. It is very important to download safe modules :)
 