Geeks for your information News Privacy & Security News v
Magecart Attackers Exploit Magento Zero-Days
Magecart Attackers Exploit Magento Zero-Days
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
24 October 18, 17:23
Quote:Magecart hackers are exploiting a long list of zero-day vulnerabilities in popular store extension software to inject the digital skimming code into targeted e-commerce sites, according to new research.

Dutch security consultant Willem de Groot revealed this week that the attackers had amassed a large number of Magento extensions which contained PHP Object Injection (POI) vulnerabilities.

“This attack vector abuses PHP’s unserialize() function to inject their own PHP code into the site. With that, they are able to modify the database or any Javascript files,” he explained.
“As of today, many popular PHP applications still use unserialize(). Magento replaced most of the vulnerable functions by json_decode() in patch 8788, but many of its popular extensions did not.”

Source: https://www.infosecurity-magazine.com/ne...t-magento/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
[Test & Review Request] Looking for fee...
Can you at least int...jasonX — 00:35
[Test & Review Request] Looking for fee...
Can you at least int...jasonX — 00:31
Hasleo software (formerly called EasyUE...
Hasleo WinToHDD vers...jasonX — 00:15
[Test & Review Request] Looking for feed...
Hi Geeks, :D Followi...LFTyyy — 13:57
Manjaro Linux 26.0.4 Build 260327
Manjaro Linux 26.0...harlan4096 — 09:46

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>