magento Archives

Magento credit card stealer

February 21, 2017 by admin

Hackers are increasingly exploiting an Downloader with connect install package upload vulnerability to steal payment card information from e-commerce websites that use Magento, the most popular e-commerce platform owned by eBay. Magento Auto Logger & Patcher First this malware script try download patcher.zip If it fail it download PHP Command Shell to remote access from … Read more

Magento Webforms Upload Vulnerability

January 22, 2017September 4, 2016 by admin

In ModSecurity auditlog we found magento webforms upload vulnerability. Looking better POST payload, found this image.phtml script, which first uploaded to customer website. If index.php / image.phtml file success uploaded, it can access from www and executed! image.phtml First it send email to fileputcontent@gmail.com notify details like Hostname, URL, IP: Then it try … Read more