Geeks for your information News Privacy & Security News v
Magecart Attackers Exploit Magento Zero-Days
Magecart Attackers Exploit Magento Zero-Days
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
24 October 18, 17:23
Quote:Magecart hackers are exploiting a long list of zero-day vulnerabilities in popular store extension software to inject the digital skimming code into targeted e-commerce sites, according to new research.

Dutch security consultant Willem de Groot revealed this week that the attackers had amassed a large number of Magento extensions which contained PHP Object Injection (POI) vulnerabilities.

“This attack vector abuses PHP’s unserialize() function to inject their own PHP code into the site. With that, they are able to modify the database or any Javascript files,” he explained.
“As of today, many popular PHP applications still use unserialize(). Magento replaced most of the vulnerable functions by json_decode() in patch 8788, but many of its popular extensions did not.”

Source: https://www.infosecurity-magazine.com/ne...t-magento/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Geekbench flags Intel Binary Optimizati...
Geekbench says Intel...harlan4096 — 16:40
Surfshark VPN : Award-winning VPN servi...
VPN encryption exp...jasonX — 12:36
Surfshark VPN : Award-winning VPN servi...
5-9-14 Eyes and VP...jasonX — 12:04
QOwnNotes
26.3.24  Added bloc...Kool — 10:38
K-Lite Codec Pack 19.6.0 / 19.6.4 Update
Changes in 19.6.4 ...harlan4096 — 09:03

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>