CVE-2018-13784

This exploit targets a privilege escalation vulnerability in PrestaShop <= 1.6.1.19 by manipulating cookie encryption to associate a customer account with an employee account, potentially granting backoffice access if passwords match.

This exploit performs a padding oracle attack on PrestaShop's AES-encrypted cookies to decrypt employee session cookies, enabling privilege escalation or session hijacking. It leverages the application's error responses to decrypt the cookie block-by-block.

This repository contains a working proof-of-concept exploit for CVE-2018-13784, targeting PrestaShop's cookie encryption vulnerabilities. It includes padding oracle attacks for AES-CBC and Blowfish-ECB encryption methods to decrypt and manipulate employee cookies.