According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware has been created to specifically target these environments.
We recently came across an infected PrestaShop website with malware which was automatically injecting a super admin PrestaShop user whenever the website owner logged into the backend.
The malware was found injected into the following existing PrestaShop core files:
./controllers/admin/AdminLoginController.php
./classes/Employee.php
The injected PHP code works by checking the $email variable contents — which, by default, stores the email address used when trying to log into PrestaShop.
Continue reading PrestaShop SuperAdmin Injector and Login Stealer at Sucuri Blog.
The post PrestaShop SuperAdmin Injector and Login Stealer appeared first on Security Boulevard.
The post PrestaShop SuperAdmin Injector and Login Stealer appeared first on Malware Devil.
https://malwaredevil.com/2020/11/18/prestashop-superadmin-injector-and-login-stealer/?utm_source=rss&utm_medium=rss&utm_campaign=prestashop-superadmin-injector-and-login-stealer
No comments:
Post a Comment