<--- exploitpy --->
#!/usr/bin/env python3
# PrestaShop <= 16119 Privilege Escalation
# Charles Fol
# 2018-07-10
#
# See ambionicsio/blog/prestashop-privilege-escalation
#
#
# The condition for this exploit to work is for an employee to have the same
# password as a customer The exploit will yield a valid employee cookie for
...
#!/usr/bin/env python3
# PrestaShop <= 16119 AES (Rijndael) / openssl_encrypt() Cookie Read
# Charles Fol
#
# See ambionicsio/blog/prestashop-privilege-escalation
#
# This POC will reveal the content of an employee's cookie
# By modifying it one can read/write any PrestaShop cookie
# It is a simple padding oracle implementation
#
...
Collection of exploits/POC for PrestaShop cookie vulnerabilities (CVE-2018-13784)
prestashop-exploits
Collection of exploits/POCs for PrestaShop cookie vulnerabilities (CVE-2018-13784)
Refer to ambionicsio/blog/prestashop-privilege-escalation for details