A security vulnerability in a popular Facebook integration module for PrestaShop, known as pkfacebook, has been discovered. Hackers are exploiting this flaw to deploy card skimmers on vulnerable e-commerce sites, posing a significant risk of credit card theft to thousands of online shoppers. Learn more about it below!
Understanding the Vulnerability
pkfacebook is developed by Promokit and designed to enhance e-commerce sites by integrating Facebook’s login and communication features. Unfortunately, it also contains a severe SQL injection vulnerability, identified as CVE-2024-36680, which has been exploited by cybercriminals to implant card skimmers on affected websites.
The pkfacebook add-on allows visitors to log in using their Facebook credentials, comment on store pages, and interact with support via Messenger. Despite its utility, the flawed facebookConnect.php Ajax script within the module has opened doors for unauthorized SQL injections through crafted HTTP requests.
Active Exploits and Community Responses
The security flaw was first flagged by analysts at TouchWeb on March 30, 2024. Despite assurances from Promokit.eu that the issue was addressed “a long time ago,” no concrete proof of the fix has been presented.
Friends-of-Presta has released a proof-of-concept exploit for CVE-2024-36680 and has reported active exploitation of this vulnerability in the wild. “This exploit is actively used to deploy a web skimmer to massively steal credit cards,” reports Friends-Of-Presta.
Recommended Mitigation Strategies
In light of these developments, Friends-Of-Presta recommends that users treat all versions as potentially compromised. Moreover, they advise taking the following protective measures.
- Update pkfacebook to the latest version, which blocks multi-query (stacked) execution. Note: this does not prevent SQL injection via a UNION clause.
- Pass values through pSQL before they reach a query; besides escaping, it applies strip_tags, which also helps prevent stored XSS attacks.
- Change the default “ps_” table prefix to a more unique and unpredictable one to enhance security, though it is not infallible against expert attackers.
- Enable the OWASP 942-series (SQL injection) rules on your Web Application Firewall (WAF) to strengthen defense against injection attacks.
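The following is an added example, not code from pkfacebook or Promokit, showing what the pSQL and table-prefix advice above looks like in a PrestaShop module handler. The scenario (looking up a customer by the e-mail address returned from Facebook), the function names, and the use of the `customer` table and `id_shop` column are assumptions made for illustration; `pSQL()`, `_DB_PREFIX_`, `Validate::isEmail()` and `Db::getInstance()->getRow()` are standard PrestaShop APIs.

```php
<?php
// Added example (hypothetical module code, not from pkfacebook).
// Assumes it runs inside PrestaShop, where pSQL(), _DB_PREFIX_, Validate
// and Db are available.

// Vulnerable pattern: a request parameter is concatenated straight into SQL.
// A single quote in $email ends the string literal, so the rest of the value
// is interpreted as SQL (the UNION case mentioned above, for instance).
function findCustomerUnsafe($email)
{
    $sql = "SELECT id_customer FROM " . _DB_PREFIX_ . "customer WHERE email = '" . $email . "'";
    return Db::getInstance()->getRow($sql);
}

// Hardened pattern, following the mitigation list:
//  - validate the value first and reject malformed input rather than "cleaning" it
//  - wrap string values in pSQL(), which escapes quotes and, by default, also
//    runs strip_tags so markup cannot be stored and later rendered (stored XSS)
//  - cast numeric identifiers to int instead of quoting them
//  - build table names from _DB_PREFIX_ so a non-default prefix works unchanged
function findCustomerSafe($email, $idShop)
{
    if (!Validate::isEmail($email)) {
        return false;
    }
    $sql = 'SELECT id_customer FROM `' . _DB_PREFIX_ . 'customer` '
         . "WHERE email = '" . pSQL($email) . "' "
         . 'AND id_shop = ' . (int) $idShop;
    return Db::getInstance()->getRow($sql);
}
```

Note that pSQL is a sanitizer for string literals only; it does not protect identifiers (table or column names) or numeric values, which is why the example casts `$idShop` to int and never interpolates user input into table names. Changing the “ps_” prefix only helps if module code consistently uses `_DB_PREFIX_`, as shown, rather than hard-coding table names.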
Hackers actively search for SQL injection vulnerabilities in e-commerce platforms, as they allow them to gain administrative access, alter or view site data, extract information from databases, and change SMTP configurations to intercept emails.
Final Word
The CVE-2024-36680 vulnerability in the pkfacebook module exposes online stores to significant credit card theft risks. Immediate updates and security measures are crucial to stay protected!