From Low to PWN: A CTF challenge in the wild presented at Securi-Tay 2020

by Charlie Hosier,

Summary : Have you ever found that something you find in the real world has more resemblance of a CTF challenge? In this talk I will go over the technical details of a couple of issues I found in PrestaShop an open source e-commerce platform. The issue itself began as a low severity issue yet once chained with another finding I was able to first achieve SQL injection and then later code execution.The vulnerability began as a low severity access control issue which allowed a low privileged user to add a link to a quick access toolbar of the super administrator. Further investigation revealed some interesting functionality which meant it was possible to get XSS using the JavaScript URI. A payload such as javascript:alert(0) would prompt a nice little alert box and a proof of concept that XSS was possible. But why stop there?