Security Breach - SQL injection - Need help !


Inpromark

Hi, I have just received an order that is quite possibly a security breach, and it looks like a SQL injection. I have reported it to my card payment provider, but I need to refer it to the Prestashop developers as well. On the "order page" I have a message in the Prestashop Security window:

Scoring: 2.86

Comment: IP address associated to another e-mail address recently. You should check this order manually.

Report this order as fraud towards PrestaShop

The link to the fraud report IS NOT getting you anywhere so that has to be fixed as well.

I will need somebody who can help me with that issue to contact me so I can give him more specific information.

Now I can just provide a few screenshots.

The order contains 2 products that are not in my database and 1 that is.

I would appreciate it if somebody from the Prestashop developers would contact me ASAP.

The Prestashop version is PrestaShop™ 1.4.9.0

Thank you

I have new information as of today. After a conversation with our merchant account holder SagePay, we have found out that the card details for that transaction match a customer and it is not a stolen credit card. It looks like an IT fault. The customer can be reached on the phone number she provided, but we could not talk to her about this order as she was busy at the time of the call, so she politely asked us if we could contact her at her email address.

So if the customer is real and the order is not a hack, there are two questions left. How can this order contain products that are not in my database, and why do I have that message in the PrestaShop Security window saying: IP address associated to another e-mail address recently. You should check this order manually.

Report this order as fraud towards PrestaShop


  • 2 weeks later...

It looks to me like the 2 products which are not in your shop are the "default" ones from when you first install the shop. Possibly when you or somebody else removed the products, they were not removed completely, hence their availability in the store. That's my opinion; try to search the store for any such products or check the database, after all it is based on a relational database.


Well. As I'm using EmagicOne software to work with databases, I'm quite dependent on its features, and one of them is that when you upload a new category or product table you can select to clear the database of the previous tables (which I did). But unfortunately it was not enough.
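
The database check suggested in this thread can be done with two read-only queries; this is an added example, not part of any post above. It assumes MySQL, the default `ps_` table prefix and the stock PrestaShop 1.4 table layout, and `@order_id` is a placeholder for the id of the order under review.

```sql
-- Added example (assumptions: MySQL, default `ps_` prefix, stock 1.4 schema).
-- Placeholder: set this to the id of the suspicious order.
SET @order_id = 0;

-- 1) For every line of the order, show whether the product it references
--    still exists in the catalogue. A line marked 'missing from ps_product'
--    was stored against a product id that has no catalogue row any more.
SELECT od.id_order,
       od.product_id,
       od.product_name,
       od.product_quantity,
       CASE
           WHEN p.id_product IS NULL THEN 'missing from ps_product'
           WHEN p.active = 0         THEN 'present but inactive'
           ELSE 'present and active'
       END AS catalogue_status
FROM ps_order_detail AS od
LEFT JOIN ps_product AS p
       ON p.id_product = od.product_id
WHERE od.id_order = @order_id;

-- 2) List products that were only partly deleted: a row remains in
--    ps_product, but its name rows or category links are gone. Rows like
--    these can stay reachable in the shop while being hard to find in the
--    back office or in an external catalogue tool.
SELECT DISTINCT p.id_product,
       p.reference,
       p.active,
       p.date_add,
       (pl.id_product IS NULL) AS no_language_row,
       (cp.id_product IS NULL) AS no_category_link
FROM ps_product AS p
LEFT JOIN ps_product_lang AS pl
       ON pl.id_product = p.id_product
LEFT JOIN ps_category_product AS cp
       ON cp.id_product = p.id_product
WHERE pl.id_product IS NULL
   OR cp.id_product IS NULL
ORDER BY p.id_product;
```

If the first query reports the unknown products as present, the `date_add` column from the second query shows whether they date from the shop's installation.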
