Security researchers have released proof-of-concepts for 2 Magento flaws


Magento is an e-commerce platform written in PHP. It provides online merchants with a flexible shopping cart system, as well as control over the appearance, content and functionality of their online store. It also offers strong marketing, search engine optimization, and catalog-management tools.

A security researcher from DefenseCode has released proof-of-concept (PoC) code for two CSRF (Cross-Site Request Forgery) and stored XSS (Cross-Site Scripting) flaws affecting a number of Magento versions.

Exploiting these vulnerabilities could lead to administrator account takeover and, ultimately, to theft of customer payment data.

According to DefenseCode:
“There is a Cross-Site Request Forgery vulnerability present in Customer Groups when a POST request is changed to GET on saving changes to existing groups (/customer/group/save/). When the request method is switched, the lack of the form_key parameter, which serves as a CSRF token, is completely ignored.”

“There is a Cross-Site Request Forgery vulnerability present in Newsletter Templates when a POST request is changed to GET on saving changes to existing templates or adding new ones (/newsletter/template/save/). When the request method is switched, the lack of the form_key parameter, which serves as a CSRF token, is completely ignored.”
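Both quoted issues are the same anti-pattern: the CSRF token (form_key) is only validated when the request arrives as POST, so an attacker who gets the victim's browser to issue the equivalent GET (an image tag, a redirect) skips the check while still riding the victim's admin session. The following is an added, constructed example illustrating that pattern and its fix in a generic request handler; it is not Magento's code and not the DefenseCode PoC. The Request and Session classes, the handler names and the /customer/group/save/ parameters are assumptions made up for the example.

```python
"""Model of the CSRF check the advisory describes: a handler that only
validates the form_key token on POST, next to a hardened version.
Constructed example; none of this is Magento's own code."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    path: str
    params: dict = field(default_factory=dict)


@dataclass
class Session:
    """Per-login session; form_key plays the role of the CSRF token."""
    form_key: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    groups: dict = field(default_factory=dict)


def _token_ok(session: Session, supplied) -> bool:
    """Constant-time comparison; a missing token never matches."""
    if supplied is None:
        return False
    return hmac.compare_digest(session.form_key.encode(), str(supplied).encode())


def save_group_vulnerable(req: Request, session: Session) -> bool:
    """Weak pattern: the token is checked only when the method is POST.
    Re-sending the same parameters as GET skips the check entirely."""
    if req.method == "POST" and not _token_ok(session, req.params.get("form_key")):
        return False
    session.groups[req.params["id"]] = req.params["name"]
    return True


def save_group_fixed(req: Request, session: Session) -> bool:
    """Hardened pattern: state-changing actions are POST-only and the token
    is validated unconditionally, so switching the method gains nothing."""
    if req.method != "POST":
        return False
    if not _token_ok(session, req.params.get("form_key")):
        return False
    session.groups[req.params["id"]] = req.params["name"]
    return True


def demo() -> dict:
    """Run the method-switch case and normal cases against both handlers."""
    session = Session()
    # Cross-site request as an attacker would cause it: no form_key, sent as
    # GET by the victim's browser with the victim's session cookie attached.
    forged = Request("GET", "/customer/group/save/", {"id": "4", "name": "VIP"})
    # Legitimate admin-UI request carrying the session's token.
    legit = Request("POST", "/customer/group/save/",
                    {"id": "4", "name": "Retail", "form_key": session.form_key})
    # Correct method but a token that does not belong to this session.
    stale = Request("POST", "/customer/group/save/",
                    {"id": "4", "name": "Retail", "form_key": "stale"})
    return {
        "vuln_get_no_token": save_group_vulnerable(forged, Session()),
        "fixed_get_no_token": save_group_fixed(forged, Session()),
        "vuln_post_good_token": save_group_vulnerable(legit, session),
        "fixed_post_good_token": save_group_fixed(legit, session),
        "fixed_post_bad_token": save_group_fixed(stale, session),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The point to check in your own code base is the order of the two conditions: a handler that writes state must reject non-POST requests before it does anything else, and must then validate the token for every request that remains, rather than treating "no token present" as "nothing to validate".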

The flaws affect:
– Magento CE 1 prior to 1.9.3.6
– Magento Commerce prior to 1.14.3.6
– Magento 2.0 prior to 2.0.16
– Magento 2.1 prior to 2.1.9

If you are running one of the 200,000+ Magento stores and have not yet updated to a fixed version, now is the time to do it.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience and a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He has reported various vulnerabilities to high-profile companies and vendors and has been acknowledged by them.
