<?php
/**
 * Check whether PrestaShop sites still run a vulnerable version (< 1.9) of the
 * "sendtoafriend" module, by reading the version that the module publishes in
 * modules/sendtoafriend/config.xml.
 *
 * Run it from a terminal (CLI).
 *
 * @link https://blog.seb7.fr/a/faille-sécurité-prestashop-module-envoyer-a-un-ami
 * @author seb7.fr
 */
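$sites = [
    'http://www.example.com',
    'http://www.example2.com',
];

// Sites given on the command line replace the hard-coded list above:
//   php check.php http://shop-a.example http://shop-b.example
if (isset($argv) && count($argv) > 1) {
    $sites = array_slice($argv, 1);
}

foreach ($sites as $site_url) {
    print PHP_EOL . "\e[37mtest du site : $site_url";
    try {
        // version_compare() expects a plain string; cast the XML node explicitly
        // instead of relying on implicit SimpleXMLElement-to-string conversion.
        $version = (string) get_module_version($site_url, 'sendtoafriend');
        if (version_compare($version, '1.9', '<')) {
            print PHP_EOL . "\e[31m Version vulnérable : $version.";
        } else {
            print PHP_EOL . "\e[32m Safe : $version.";
        }
    } catch (Exception $ex) {
        // sendtoafriend's config.xml is unreachable. Probe the reference module
        // (assumed present on every install) to tell "module removed" apart from
        // "site does not serve config.xml at all". Note this is a heuristic: a
        // site that blocks config.xml for every module ends up in the second
        // branch, never in a false "Safe".
        try {
            get_module_version($site_url, 'paypal');
            print PHP_EOL . "\e[32m Safe : module supprimé.";
        } catch (Exception $ex) {
            // Double quotes here: the original used single quotes, so "\e[31m"
            // was printed literally instead of switching the colour.
            print PHP_EOL . "\e[31m Echec test du site - xml non disponible."; // . $ex->getMessage();
        }
    }
}
// Reset the terminal colour and end the last line; otherwise the prompt that
// follows inherits the red/green of the final verdict.
print "\e[0m" . PHP_EOL;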
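/**
 * Get a module's version by fetching its public modules/<name>/config.xml.
 *
 * The response comes from a third-party host, so the XML is treated as
 * untrusted: the fetch has a timeout, the parser is told not to touch the
 * network (LIBXML_NONET) and, on PHP < 8.0 where libxml may still load
 * external entities, the external entity loader is switched off (XXE).
 *
 * @param string $site_url    Base URL of the shop (a trailing slash is tolerated)
 * @param string $module_name Directory name of the module under /modules/
 * @return string Version string taken from the <version> element (e.g. "1.9.1")
 * @throws \Exception when config.xml cannot be fetched, is not well-formed XML,
 *                    or carries no (non-empty) <version> element
 */
function get_module_version($site_url, $module_name)
{
    $xml_file = rtrim($site_url, '/') . "/modules/$module_name/config.xml";

    // Without a timeout a single slow host stalls the whole scan.
    $context = stream_context_create([
        'http' => ['timeout' => 10],
    ]);
    // A 404 or DNS failure only raises a warning; it is turned into the
    // exception below rather than printed.
    $body = @file_get_contents($xml_file, false, $context);
    if ($body === false || $body === '') {
        throw new \Exception("Failed to open $xml_file ");
    }

    // PHP < 8.0: make sure libxml does not resolve external entities from the
    // fetched document. From 8.0 the loader is off by default and the function
    // is deprecated, so it is not called there.
    if (PHP_VERSION_ID < 80000 && function_exists('libxml_disable_entity_loader')) {
        $previous_loader = libxml_disable_entity_loader(true);
    }
    $previous_errors = libxml_use_internal_errors(true); // collect, do not print
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous_errors);
    if (isset($previous_loader)) {
        libxml_disable_entity_loader($previous_loader);
    }

    if ($xml === false) {
        throw new \Exception("Failed to parse $xml_file ");
    }
    // An absent <version> would otherwise come back as "" and compare as
    // "< 1.9", i.e. a false "vulnerable" verdict.
    $version = isset($xml->version) ? trim((string) $xml->version) : '';
    if ($version === '') {
        throw new \Exception("No <version> element in $xml_file ");
    }
    return $version;
}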