this line of smarty_internal_templatebase.php: $output.= preg_replace('/(<%|%>|<\?php|<\?|\?>)/', "<?php echo '\$1'; ?>\n", $curr_split);
is giving me the error: Compilation failed:missing ) at..
I think it has something to do with DIRECTORY_SEPARATOR * * like here: https://stackoverflow.com/questions/1142263/php-preg-replace-compilation-failed-missing The error is strange becouse the script is core Presta/Smarty script, so I quess it shouldn't be wrong.
So how to modify that line ta avoid that error? Would appreciate any help, Thank you
Shall I
preg_quote(DIRECTORY_SEPARATOR, '#');
with
preg_replace('/(<%|%>|<\?php|<\?|\?>)/', "<?php echo '\$1'; ?>\n", $curr_split)
OK - the Error was connected with Prestashop vulnerability discovered in 2022/07:
https://build.prestashop-project.org/news/2022/major-security-vulnerability-on-prestashop-websites/
According to our conversations with shop owners and developers, the recurring modus operandi looks like this -
The attacker submits a POST request to the endpoint vulnerable to SQL injection.
After approximately one second, the attacker submits a GET request to the homepage, with no parameters. This results in a PHP file called blm.php being created at the root of the shop's directory.
The attacker now submits a GET request to the new file that was created, blm.php, allowing them to execute arbitrary instructions.
After the attackers successfully gained control of a shop...
That attempt results (among others) in error like:
Compilation failed:missing ) at.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.