Geeks for your information News Privacy & Security News v
Magecart Attackers Exploit Magento Zero-Days
Magecart Attackers Exploit Magento Zero-Days
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
24 October 18, 17:23
Quote:Magecart hackers are exploiting a long list of zero-day vulnerabilities in popular store extension software to inject the digital skimming code into targeted e-commerce sites, according to new research.

Dutch security consultant Willem de Groot revealed this week that the attackers had amassed a large number of Magento extensions which contained PHP Object Injection (POI) vulnerabilities.

“This attack vector abuses PHP’s unserialize() function to inject their own PHP code into the site. With that, they are able to modify the database or any Javascript files,” he explained.
“As of today, many popular PHP applications still use unserialize(). Magento replaced most of the vulnerable functions by json_decode() in patch 8788, but many of its popular extensions did not.”

Source: https://www.infosecurity-magazine.com/ne...t-magento/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
CrystalDiskInfo 9.9.0 [2026/05/18]
CrystalDiskInfo 9....harlan4096 — 06:43
Adobe Acrobat Reader DC 2026.001.21563
Adobe Acrobat Read...harlan4096 — 06:42
FastCopy 5.11.3
FastCopy 5.11.3: ...harlan4096 — 06:40
QOwnNotes
26.5.12 Added a n...Kool — 03:51
AnyViewer 3.6.0 for macOS
AnyViewer 3.6.0 fo...harlan4096 — 10:44

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (39)axuben
avatar (40)ihijudu
avatar (50)Mirzojap
avatar (36)idilysaju
avatar (40)odukoromu
avatar (46)Joanna4589

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>