CVE-2023-44024
📋 TL;DR
This SQL injection vulnerability in the KnowBand SuperCheckout module allows remote attackers to execute arbitrary SQL commands via crafted requests to the updateCheckoutBehaviour function. Attackers can potentially read, modify, or delete database content, and in worst cases execute arbitrary code. All users of SuperCheckout module v8.0.3 and earlier are affected.
💻 Affected Systems
- KnowBand SuperCheckout (One Page Checkout, Social Login & Mailchimp) module for PrestaShop
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the PrestaShop database leading to data theft, website defacement, remote code execution, and potential server takeover.
Likely Case
Database information disclosure including customer data, order history, and potentially administrative credentials.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection.
🎯 Exploit Status
SQL injection vulnerabilities are commonly exploited and tools exist for automated exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v8.0.4 or later
Vendor Advisory: https://security.friendsofpresta.org/modules/2023/10/05/supercheckout.html
Restart Required: No
Instructions:
1. Update the SuperCheckout module to version 8.0.4 or later via the PrestaShop module manager.
2. Verify the update was successful by checking the module version.
3. Clear the PrestaShop cache if necessary.
🔧 Temporary Workarounds
Disable SuperCheckout Module
Temporarily disable the vulnerable module until patching is possible.
Navigate to PrestaShop admin panel > Modules > Module Manager > Find SuperCheckout > Disable
WAF Rule Implementation
Implement web application firewall rules to block SQL injection patterns targeting the vulnerable endpoint.
Add WAF rule to block requests containing SQL injection patterns to /modules/supercheckout/supercheckout.php
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries in the updateCheckoutBehaviour function
- Restrict access to the vulnerable endpoint using IP whitelisting or authentication requirements
🔍 How to Verify
Check if Vulnerable:
Check SuperCheckout module version in PrestaShop admin panel under Modules > Module Manager. If version is 8.0.3 or earlier, you are vulnerable.
Check Version:
Check PrestaShop admin panel: Modules > Module Manager > SuperCheckout > Version
Verify Fix Applied:
Verify module version shows 8.0.4 or later in PrestaShop admin panel. Test the checkout functionality to ensure it works properly.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple requests to /modules/supercheckout/supercheckout.php with SQL-like parameters
- Database error messages containing SQL syntax
Network Indicators:
- HTTP POST requests to /modules/supercheckout/supercheckout.php with SQL injection payloads
- Unusual traffic patterns to checkout endpoints
SIEM Query:
source="web_logs" AND uri="/modules/supercheckout/supercheckout.php" AND (payload CONTAINS "UNION" OR payload CONTAINS "SELECT" OR payload CONTAINS "INSERT" OR payload CONTAINS "DELETE")
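The log indicators and SIEM query above can be exercised offline against web server access logs. The following Python scanner is an added example and is not part of this advisory or of the SuperCheckout module. It assumes combined-format (Apache/nginx) access logs; the IP addresses, parameter names and payloads in the sample lines are constructed for illustration, since the advisory does not name the vulnerable parameter. Unlike the keyword-only SIEM query, it URL-decodes each parameter and weights indicators so that a lone keyword in a legitimate field value (for example a delivery option named "select") stays below the alert threshold.

```python
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import parse_qsl

# Endpoint named in the advisory's log and network indicators.
TARGET_PATH = "/modules/supercheckout/supercheckout.php"

# Combined access-log format; only the fields needed for the finding are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Weighted indicators. The keywords come from the advisory's SIEM query; a bare keyword
# is weak evidence, while a keyword sequence, a quote followed by a boolean operator,
# or a comment marker in a parameter value is what makes a request look like injection.
INDICATORS = [
    (re.compile(r"\bUNION\b\s+(ALL\s+)?SELECT\b", re.I), 3),
    (re.compile(r"\b(UNION|SELECT|INSERT|DELETE)\b", re.I), 1),
    (re.compile(r"'\s*(OR|AND)\b", re.I), 2),
    (re.compile(r"(--|/\*)"), 1),
]
THRESHOLD = 2  # tune upward if legitimate traffic produces noise

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOGS = [
    '203.0.113.10 - - [05/Oct/2023:10:00:01 +0000] "POST /modules/supercheckout/supercheckout.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [05/Oct/2023:10:00:02 +0000] "GET /modules/supercheckout/supercheckout.php?id_cart=12%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 844 "-" "curl/8.0"',
    '198.51.100.5 - - [05/Oct/2023:10:00:03 +0000] "GET /index.php?controller=order HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.6 - - [05/Oct/2023:10:00:04 +0000] "GET /modules/supercheckout/supercheckout.php?delivery_option=select&id_cart=12 HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [05/Oct/2023:10:00:05 +0000] "GET /modules/supercheckout/supercheckout.php?id_cart=12%27%20OR%201%3D1-- HTTP/1.1" 500 0 "-" "curl/8.0"',
]


def sqli_score(value: str) -> int:
    """Sum the weights of every indicator present in a decoded parameter value."""
    return sum(weight for rx, weight in INDICATORS if rx.search(value))


def inspect_target(target: str) -> Optional[Dict[str, object]]:
    """Return a finding when the request hits the SuperCheckout endpoint and one of
    its URL-decoded query parameters scores at or above THRESHOLD, else None."""
    path, _, query = target.partition("?")
    if path != TARGET_PATH:
        return None
    for name, value in parse_qsl(query, keep_blank_values=True):
        score = sqli_score(value)
        if score >= THRESHOLD:
            return {"param": name, "value": value, "score": score}
    return None


def scan_logs(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Parse access-log lines and collect findings with the request context attached."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production scanner would count these
        hit = inspect_target(m["target"])
        if hit:
            findings.append(
                {"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                 "status": m["status"], **hit}
            )
    return findings


if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        print(finding)
```

Access logs carry only the query string, so the POST requests mentioned under network indicators are not visible here; feed WAF or application-level body logs through `inspect_target` (or `sqli_score` on each decoded body field) to cover them. The same weighted patterns can be transplanted into a WAF rule for the endpoint, which is where blocking rather than alerting belongs.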