Threat actors have once again targeted the Magento platform. The purpose of the campaign is to plant payment card skimmers on online stores. According to security researcher Willem de Groot, at least 20 Magento extensions have been abused through a number of unpatched zero-day vulnerabilities.
This is not the first time de Groot has uncovered serious Magento issues. In September, the researcher uncovered
2 out of 20 Vulnerable Magento Extensions Identified
As for the current case, de Groot has successfully identified 2 of the 20 extensions and is seeking help from fellow researchers to uncover the rest. This is needed so that the zero-day flaws are patched. The good news is that he has provided a series of URL paths that have been exploited to compromise online stores running the vulnerable extensions.
It appears that Magento replaced most of the vulnerable functions with json_decode() in patch 8788. Unfortunately, many of its popular extensions did not, the researcher noted in his post. As explained by Yonathan Klijnsma, a researcher at RiskIQ and one of the experts who has been helping de Groot, “core platforms tend to be pretty good, it’s just the plugins that keep messing up”.
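An added example, not from the original post or from de Groot's research: a Python audit script a store owner could run over installed extension code to find calls that were never moved to json_decode(). It assumes the "vulnerable functions" are PHP's native unserialize() calls, which the post does not name; the function names and the sample files are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: the "vulnerable functions" are PHP unserialize() calls; the page does not name them.
# The lookbehind skips method calls such as $obj->unserialize( and Class::unserialize(.
UNSERIALIZE = re.compile(r"(?<![\w>:$])unserialize\s*\(", re.IGNORECASE)
# Text that reads straight from the HTTP request (superglobals or Zend/Magento request getters).
REQUEST_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b|->get(Param|Post|Cookie)\s*\(")
COMMENT = re.compile(r"^\s*(//|#|\*|/\*)")


def audit_extensions(root):
    """Return findings for every native unserialize() call under root.

    Each finding is (relative_path, line_number, severity, source_line), where
    severity is "request-input" when the same line reads request data and
    "review" otherwise (the argument may still be attacker-controlled).
    """
    findings = []
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in {".php", ".phtml"}:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), start=1):
            if COMMENT.match(line) or not UNSERIALIZE.search(line):
                continue
            severity = "request-input" if REQUEST_INPUT.search(line) else "review"
            findings.append((path.relative_to(root).as_posix(), number, severity, line.strip()))
    return findings


def build_sample_tree(root):
    """Write three constructed extension files (not real extension code) for a demo run."""
    samples = {
        "Vendor/Unpatched/controllers/IndexController.php":
            "<?php\n$filter = unserialize(base64_decode($this->getRequest()->getParam('filter')));\n",
        "Vendor/Cache/Model/Store.php":
            "<?php\n// unserialize() was used here before\n$data = unserialize($cache->load($id));\n",
        "Vendor/Patched/controllers/IndexController.php":
            "<?php\n$filter = json_decode($this->getRequest()->getParam('filter'), true);\n",
    }
    for name, body in samples.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")
```

Point audit_extensions() at the store's extension code directories; "request-input" findings are the ones to fix or remove first, and "review" findings need a manual check of where the argument comes from.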
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/vulnerable-magento-extensions-skimmers/