[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Magento Unauthenticated RCE

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] Magento Unauthenticated RCE
From: Shahar Tal <shahartal@xxxxxxxxxxxxxx>
Date: Thu, 23 Apr 2015 01:22:49 +0000

RCE on the most popular eCommerce (/shopping cart) platform out there - we have 
been urging admins to patch for a while now.
This one is as serious as it gets, auth bypass + SQLi + RFI converted to LFI. 
Props to our own Netanel Rubin for the top research.
Check Point was awarded with a $20k USD bounty for this report, which we have 
decided to donate to charity.

Check out the complete technical analysis at 
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/

Cheers,

Shahar Tal
Malware & Vulnerability Research 
AAAAAAAAAAAAAAAA\0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Check Point Software Technologies | * +972-3-753-4536 | M +972-545-888887 | * 
shahartal@xxxxxxxxxxxxxx<mailto:shahartal@xxxxxxxxxxxxxx>


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CVE-2015-0984 SCADA - Gaining remote shell on Honeywell Falcon XLWEB
Next by Date: [FD] Socrata Bug Bounty #1 - Persistent Encoding Vulnerability
Previous by thread: [FD] CVE-2015-0984 SCADA - Gaining remote shell on Honeywell Falcon XLWEB
Next by thread: [FD] Socrata Bug Bounty #1 - Persistent Encoding Vulnerability
Index(es):
- Date
- Thread