Blind SSRF to RCE Exploit - PrestaShop 8.1.7

This document outlines a Blind SSRF to RCE exploit on a fresh PrestaShop 8.1.7 docker installation.

Prerequisites

Ensure you have at least an outdated module installed, for example:
- ps_facetedsearch
Download the original package:
- Download ps_facetedsearch v3.16.1

Prepare the Malicious File:
- Download and unzip the original package.
- Choose a suitable file and function to inject the malicious command.
- Payload example: Create a file in the root directory (e.g., pwn3ed_bayram.txt). Note: Shells could also be popped.
- Repack the module and Host it.
Upgrade the Module:
- Open the module manager in PrestaShop.
Intercept and Modify the Request:
- Intercept the request
- Change the source parameter to point to the server hosting your malicious zip file.

Before Exploit:
- Filesystem as expected with no additional files.
After Exploit:
- The file pwn3ed_bayram.txt is successfully created in the root directory.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
1.png		1.png
10.png		10.png
11.png		11.png
2.png		2.png
3.png		3.png
4.png		4.png
5.png		5.png
6.png		6.png
7.png		7.png
8.png		8.png
9.png		9.png
README.md		README.md