WebCoderBiz
Posted June 6, 2012

The vulnerable code is found in the template file of the manufacturer block (modules\blockmanufacturer\blockmanufacturer.tpl), where, in the following:

    <form action="{$smarty.server.SCRIPT_NAME}" method="get">

the current path of the script is printed without checking if it contains any malicious code.

In order to patch this vulnerability you have to replace the following:

    {$smarty.server.SCRIPT_NAME}

with

    {$smarty.server.SCRIPT_NAME|escape:'htmlall':'UTF-8'}

and after that empty the cache and compile folders inside tools\smarty\ and re-compile Smarty from the admin panel: Preferences -> Performance -> Tick Yes for Force compile and No for Cache -> Save -> reload the default page of Prestashop -> put the Performance settings back to original -> Save -> Done

More details at: Prestashop XSS

Martin C
Posted June 6, 2012

I also found this specific code in the 1.5 svn version 15877 in the files: blockmanufacturer.tpl, blocksupplier.tpl, loyalty.tpl. Another vulnerability?

WebCoderBiz (Author)
Posted June 6, 2012

The 1.5 build has some redirection settings that mitigate the XSS vector that I used for 1.4, but you can try some combinations to bypass it.
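
An added example, not part of the posts above and not PrestaShop code: an audit helper that finds every `$smarty.server.*` value printed in a `.tpl` file without an `escape` modifier (the pattern reported in blockmanufacturer.tpl, blocksupplier.tpl and loyalty.tpl) and applies the modifier from the first post. The function names and the sample template are constructed for illustration.

```python
import os
import re

# Smarty output tag that prints a $smarty.server.* value, with optional modifiers,
# e.g. {$smarty.server.SCRIPT_NAME} or {$smarty.server.SCRIPT_NAME|escape:'htmlall':'UTF-8'}
SERVER_TAG = re.compile(r"\{\s*(\$smarty\.server\.\w+)((?:\|[^}]*)?)\s*\}")
FIX = "|escape:'htmlall':'UTF-8'"  # modifier given in the first post

def find_unescaped(template_text):
    """Return (line_no, tag) for each $smarty.server.* output with no |escape."""
    hits = []
    for line_no, line in enumerate(template_text.splitlines(), 1):
        for m in SERVER_TAG.finditer(line):
            if "|escape" not in m.group(2):  # any escape modifier counts as handled
                hits.append((line_no, m.group(0)))
    return hits

def patch(template_text):
    """Append the escape modifier to every unescaped $smarty.server.* output."""
    def repl(m):
        if "|escape" in m.group(2):
            return m.group(0)  # already escaped, leave untouched
        return "{" + m.group(1) + m.group(2) + FIX + "}"
    return SERVER_TAG.sub(repl, template_text)

def scan_tree(root):
    """Scan all .tpl files under root; return {path: hits} for files with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".tpl"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_unescaped(fh.read())
                if hits:
                    report[path] = hits
    return report

# Constructed sample template: line 1 is the form tag quoted in the first post,
# line 2 is already escaped, line 3 is a control tag that prints nothing.
SAMPLE = """<form action="{$smarty.server.SCRIPT_NAME}" method="get">
<a href="{$smarty.server.REQUEST_URI|escape:'htmlall':'UTF-8'}">reload</a>
{if $smarty.server.HTTPS}secure{/if}
"""

if __name__ == "__main__":
    print(find_unescaped(SAMPLE))
    print(patch(SAMPLE))
```

After patching real templates, the compiled Smarty files still have to be regenerated as described in the first post before the change takes effect.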