Magento Webforms Upload Vulnerability
In ModSecurity auditlog we found magento webforms upload vulnerability. Looking better POST payload, found this image.phtml script, which first uploaded to customer website. If index.php / image.phtml file success uploaded, it can access from www and executed! image.phtml First it send email to fileputcontent@gmail.com notify details like Hostname, URL, IP: Then it try … Read more