Security researchers have released proof-of-concepts for 2 Magento flaws


Magento is an e-commerce platform written in PHP. It provides online traders with a flexible shopping cart system, as well as control over the appearance, content and functionality of their online store. It also offers strong marketing, search-engine-optimization, and catalog-management tools.

A security researcher from DefenseCode has released proof-of-concept (PoC) code for two CSRF (Cross-Site Request Forgery) and stored XSS (Cross-Site Scripting) flaws affecting a number of versions of Magento.

Exploitation of these vulnerabilities could lead to administrator account takeover and, ultimately, to the theft of users' payment data.

According to DefenseCode:
“There is a Cross-Site Request Forgery vulnerability present in Customer Groups when a POST request is changed to GET on saving changes to existing groups (/customer/group/save/). When the request method is switched, the lack of the form_key parameter, which serves as a CSRF token, is completely ignored.”

“There is a Cross-Site Request Forgery vulnerability present in Newsletter Templates when a POST request is changed to GET on saving changes on existing or adding new templates (/newsletter/template/save/). When the request method is switched, the lack of the form_key parameter, which serves as a CSRF token, is completely ignored.”
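The bug pattern the two advisories describe, as an added illustration in PHP that is not Magento's own code: a simplified admin "save" handler whose form_key check runs only for POST requests, beside a hardened version that rejects non-POST requests outright and always validates the token. The function names, the session key and the request inputs are constructed for the example.

```php
<?php
// Added illustration (not Magento code): a simplified admin "save" handler
// showing the CSRF bug pattern and a hardened version.
// The form_key is modelled as a session-bound string; inputs are constructed.

declare(strict_types=1);

// Vulnerable pattern: the CSRF check is tied to the request method,
// so a GET request to the same save route skips the form_key check entirely.
function saveGroupVulnerable(string $method, array $params, string $sessionFormKey): string
{
    if ($method === 'POST') {
        if (($params['form_key'] ?? '') !== $sessionFormKey) {
            return 'rejected: invalid form_key';
        }
    }
    // The state change still happens for GET with no form_key at all.
    return 'saved: ' . ($params['code'] ?? '');
}

// Hardened pattern:
//  1. a state-changing route accepts only POST;
//  2. the form_key is validated on every request that reaches the handler;
//  3. the comparison uses hash_equals() so it does not leak timing information.
function saveGroupHardened(string $method, array $params, string $sessionFormKey): string
{
    if ($method !== 'POST') {
        return 'rejected: method not allowed';
    }
    $formKey = (string)($params['form_key'] ?? '');
    if ($formKey === '' || !hash_equals($sessionFormKey, $formKey)) {
        return 'rejected: invalid form_key';
    }
    return 'saved: ' . ($params['code'] ?? '');
}

// Demonstration with constructed requests.
$sessionKey = 'constructed-session-form-key';
$getWithoutToken = ['code' => 'Wholesale'];                        // no form_key
$postWithToken   = ['code' => 'Wholesale', 'form_key' => $sessionKey];

echo saveGroupVulnerable('GET', $getWithoutToken, $sessionKey), "\n";
echo saveGroupHardened('GET', $getWithoutToken, $sessionKey), "\n";
echo saveGroupHardened('POST', $postWithToken, $sessionKey), "\n";
```

Run with `php example.php`: the vulnerable handler saves on the token-less GET, while the hardened one rejects it and accepts only the POST carrying the correct form_key.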

The flaws affect:
– Magento CE 1 prior to 1.9.3.6
– Magento Commerce prior to 1.14.3.6
– Magento 2.0 prior to 2.0.16
– Magento 2.1 prior to 2.1.9

If you are running one of the 200,000+ Magento stores and you haven’t yet updated your version, now is the time to do it.


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
