PrestaShop Module ybc_blog Versions Prior to 4.4.0 Contain an SQL Injection Vulnerability

Recently, a client reached out to us with a serious problem on their site: all folders were filled with suspicious files such as wp-load.php and similar. This is an unusual approach for hacking, as attackers usually modify core files and install phishing payment forms on the checkout page. However, this time the core files were not altered, and only the main page of the site was loading. The .htaccess and index.php files were modified, and even after deletion, they were quickly recreated. Attempts to trace the script actions via shell commands were ineffective, as the commands were hidden, and no cron tasks were set up.

After a thorough analysis, we discovered the ybc_blog folder in the cache directory. After deleting it, the folder would automatically reappear. This folder likely served as a flag for the attacker, and it was through this that the hack was executed. Further investigation led us to the CVE-2023-43979 record, which described a vulnerability in the ybc_blog module up to version 4.4.0.

For more detailed information about this vulnerability, you can visit the link: ybc_blog SQL Injection Vulnerability.
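
The indicators described above (stray wp-load.php files, a ybc_blog folder in the cache directory, changed .htaccess and index.php, a module version before 4.4.0) can be collected in one pass. The Python sketch below is an added example, not code from the original post or from the module's vendor. It assumes the conventional PrestaShop layout (`modules/ybc_blog/ybc_blog.php` declaring `$this->version`, cache under `cache/` or `var/cache/`); `last_deploy` is a hypothetical parameter holding the time of the last known-good deployment, and the sample tree is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

FIXED = (4, 4, 0)  # first fixed ybc_blog release, per the post title
# Assumption: the module declares its version the conventional PrestaShop way.
VERSION_RE = re.compile(r"\$this->version\s*=\s*['\"](\d+(?:\.\d+)*)['\"]")

def module_version(root):
    """Return ybc_blog's declared version as a 3-tuple, or None if absent."""
    main = Path(root) / "modules" / "ybc_blog" / "ybc_blog.php"
    m = VERSION_RE.search(main.read_text(errors="replace")) if main.is_file() else None
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])  # pad so "4.4" compares as 4.4.0

def triage(root, last_deploy):
    """Collect the indicators named in the post; last_deploy is an epoch time."""
    root = Path(root)
    version = module_version(root)
    rel = lambda p: p.relative_to(root).as_posix()
    cache_hits = [rel(p) for c in ("cache", "var/cache") if (root / c).is_dir()
                  for p in (root / c).rglob("ybc_blog") if p.is_dir()]
    entry = [n for n in (".htaccess", "index.php")
             if (root / n).is_file() and (root / n).stat().st_mtime > last_deploy]
    return {
        "version": version,
        "vulnerable": version is not None and version < FIXED,
        "wp_load": sorted(rel(p) for p in root.rglob("wp-load.php")),
        "cache_ybc_blog": sorted(cache_hits),
        "entry_changed": entry,
    }

def build_sample(root):
    """Constructed sample tree mimicking the incident described in the post."""
    root = Path(root)
    for d in ("modules/ybc_blog", "cache/ybc_blog", "img/p", "classes"):
        (root / d).mkdir(parents=True)
    (root / "modules/ybc_blog/ybc_blog.php").write_text("<?php $this->version = '4.3.9';")
    for f in ("img/p/wp-load.php", "classes/wp-load.php", ".htaccess", "index.php"):
        (root / f).write_text("constructed placeholder")
    os.utime(root / "index.php", (1000, 1000))  # older than the deploy time below

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp, last_deploy=2000))
```

A ybc_blog directory under the cache path or a changed entry file is a lead to investigate, not proof of compromise, and an empty result does not show the site is clean.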

CVE-2023-43979: Important Details of the Vulnerability

The SQL injection vulnerability in the ybc_blog module allows attackers to access the database and execute arbitrary SQL queries. This can lead to serious consequences, including data theft, site content modification, and the installation of malicious code. Due to this vulnerability, hackers can gain full control over your site, and in some cases, even the server on which it is hosted.

Solution to the Problem

An archive of an older backup was found on the client’s server. We decided to reinstall the operating system, restore the data from the backup, and fix or remove the ybc_blog module.

Recommendations for Protecting Your Site

To avoid similar situations, it is important to follow several key recommendations:

  1. Timely Updates: Always update all components of your site, including modules and the PrestaShop platform itself. New versions contain patches and fixes that address known vulnerabilities.

  2. Installing Only Necessary Modules: Do not install unnecessary modules. Each additional module is a potential attack vector.

  3. Downloading Modules from Trusted Sources: Use only official platforms or trusted sources to download modules. Avoid suspicious sites and offers.

  4. Regular Backups: Regularly back up your site and database. This allows for quick recovery of the site in case of an attack.

  5. Security Audits: Conduct periodic security audits of your site. Use vulnerability scanners and monitoring tools to detect problems in a timely manner.

If you have the ybc_blog module installed, let us know in the comments if you have experienced hacks or suspicious activities. If this topic interests you, we can write additional articles about how viruses are uploaded and what needs to be done to protect your site.

If your site has been hacked, feel free to contact us. We will try to help you restore your site and eliminate vulnerabilities. Support and consultation from specialists will help you protect your business in the digital space.
