"Facebook PrestaShop Module Exploited to Steal Credit Cards"

A flaw in a premium Facebook module for PrestaShop named "pkfacebook" allows hackers to use a card skimmer on vulnerable e-commerce websites to steal credit card information. PrestaShop is an open source e-commerce platform where individuals and businesses develop and manage online stores. Promokit's pkfacebook add-on lets shop visitors log in with Facebook, leave comments on shop pages, and chat with support agents via Messenger. The critical SQL injection vulnerability in pkfacebook's facebookConnect.php Ajax script enables remote attackers to trigger SQL injection using HTTP requests. This article continues to discuss the exploitation of a Facebook PrestaShop module to steal credit cards.

BleepingComputer reports "Facebook PrestaShop Module Exploited to Steal Credit Cards"

Submitted by grigby1
 

Submitted by grigby1 CPVI on