Sorcery Blog

Tag: prestashop

SQLi in SmartBlog CVE-2021-37538

This blog post details an SQLi I found in the SmartBlog PrestaShop module by SmartDataSoft. First we need to talk about how the PrestaShop pSQL function works and what it does. pSQL() is intended for string escaping. For example, if you have a query like:

$sql = "SELECT * FROM myTable WHERE name='$name'"

and $name has quotes in it, the value can break out of the quoted string. If $name is james' and sleep(10)-- -
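To make the quote breakout in the query above concrete, the following is an added example, not code from the post or from PrestaShop. `mysql_style_escape()` and `code_outside_literals()` are hypothetical helpers written for this illustration, and MySQL's default sql_mode (backslash escapes enabled) is assumed.

```php
<?php
// Hypothetical stand-in for the escaping step (not PrestaShop's pSQL() source):
// backslash-escape the characters MySQL treats specially in a quoted literal.
function mysql_style_escape(string $value): string
{
    return strtr($value, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// Hypothetical helper: return the text a MySQL parser (default sql_mode) would
// treat as SQL code, i.e. everything outside single-quoted string literals.
// Comments are not modelled; that does not change the result for these inputs.
function code_outside_literals(string $sql): string
{
    $code = '';
    $inLiteral = false;
    for ($i = 0, $len = strlen($sql); $i < $len; $i++) {
        $ch = $sql[$i];
        if (!$inLiteral) {
            if ($ch === "'") {
                $inLiteral = true;      // opening quote
            } else {
                $code .= $ch;
            }
        } elseif ($ch === "\\") {
            $i++;                       // backslash escape: next char is data
        } elseif ($ch === "'") {
            if ($i + 1 < $len && $sql[$i + 1] === "'") {
                $i++;                   // '' is an escaped quote, still data
            } else {
                $inLiteral = false;     // closing quote
            }
        }
    }
    return $code;
}

$name = "james' and sleep(10)-- -";     // the value from the post

$queries = [
    'raw'     => "SELECT * FROM myTable WHERE name='$name'",
    'escaped' => "SELECT * FROM myTable WHERE name='" . mysql_style_escape($name) . "'",
];
foreach ($queries as $label => $sql) {
    echo "$label: $sql\n  parsed as code: " . code_outside_literals($sql) . "\n";
}
```

For the raw query, the text after `james'` is reported as code; for the escaped query, only the fixed part of the statement is, because the quote in the value stays inside the string literal.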