gbhackers.com
2606:4700:3034::ac43:a5ec
Public Scan
URL:
https://gbhackers.com/critical-magento-0-day/
Submission: On April 20 via manual from JP — Scanned from JP
Form analysis
4 forms found in the DOM
GET https://gbhackers.com/
<form method="get" class="td-search-form" action="https://gbhackers.com/">
<div class="td-search-close">
<a href="#"><i class="td-icon-close-mobile"></i></a>
</div>
<div role="search" class="td-search-input">
<span>Search</span>
<input id="td-header-search-mob" type="text" value="" name="s" autocomplete="off">
</div>
</form>
GET https://gbhackers.com/
<form method="get" class="td-search-form" action="https://gbhackers.com/">
<div role="search" class="td-head-form-search-wrap">
<input id="td-header-search" type="text" value="" name="s" autocomplete="off"><input class="wpb_button wpb_btn-inverse btn" type="submit" id="td-header-search-top" value="Search">
</div>
</form>
<form id="commentform" class="comment-form">
<iframe title="Comment Form"
src="https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=52705&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=e1b26d2e9eac651d713611b6bc875c1c9a62f021#parent=https%3A%2F%2Fgbhackers.com%2Fcritical-magento-0-day%2F"
style="width: 100%; height: 60px; border: 0px;" name="jetpack_remote_comment" class="jetpack_remote_comment" id="jetpack_remote_comment" sandbox="allow-same-origin allow-top-navigation allow-scripts allow-forms allow-popups"
scrolling="no"></iframe>
<!--[if !IE]><!-->
<script>
document.addEventListener('DOMContentLoaded', function() {
var commentForms = document.getElementsByClassName('jetpack_remote_comment');
for (var i = 0; i < commentForms.length; i++) {
commentForms[i].allowTransparency = false;
commentForms[i].scrolling = 'no';
}
});
</script>
<!--<![endif]-->
</form>
POST #
<form action="#" method="post" class="es_subscription_form es_shortcode_form" id="es_subscription_form_1650440410" data-source="ig-es">
<div class="es-field-wrap"><label>Name<br><input type="text" name="name" class="ig_es_form_field_name" placeholder="" value=""></label></div>
<div class="es-field-wrap"><label>Email*<br><input class="es_required_field es_txt_email ig_es_form_field_email" type="email" name="email" value="" placeholder="" required=""></label></div> <input type="hidden" name="lists[]" value="1"> <input
type="hidden" name="form_id" value="0">
<input type="hidden" name="es_email_page" value="52705">
<input type="hidden" name="es_email_page_url" value="https://gbhackers.com/critical-magento-0-day/">
<input type="hidden" name="status" value="Unconfirmed">
<input type="hidden" name="es-subscribe" id="es-subscribe" value="90e2a15097">
<label style="position:absolute;top:-99999px;left:-99999px;z-index:-99;"><input type="email" name="es_hp_email" class="es_required_field" tabindex="-1" autocomplete="-1" value=""></label>
<input type="submit" name="submit" class="es_subscription_form_submit es_submit_button es_textbox_button" id="es_subscription_form_submit_1650440410" value="Subscribe">
<span class="es_spinner_image" id="spinner-image"><img src="https://gbhackers.com/wp-content/plugins/email-subscribers/lite/public/images/spinner.gif.pagespeed.ce.gM0bEmS6Xn.gif" data-pagespeed-url-hash="206255346"
onload="pagespeed.CriticalImages.checkImageForCriticality(this);" class="td-animation-stack-type0-2" data-large_image_width="1600" data-large_image_height="1600"></span>
</form>
Text Content
CRITICAL MAGENTO 0-DAY LET ATTACKERS EXECUTE ARBITRARY CODE

By GURUBARAN S - February 15, 2022

Adobe has released security updates for Adobe Commerce and Magento Open Source.

At the end of this January, Sansec reported a security breach at more than 500 online stores that were running on the Magento 1 platform. Sansec also reported that the attackers deployed a skimmer at the naturalfreshmall[.]com domain, which was loaded by all the servers. The attackers used a combination of SQL injection and PHP Object Injection to exploit those Magento stores. Most of the servers were running Magento 1, and Adobe announced the retirement of Magento 1 in June 2020.

Sansec also reported that attackers have been exploiting Magento 2 platforms with remote code execution vulnerabilities. Adobe acted swiftly on this issue and released security patches for Magento and Adobe Commerce merchants.

VERSIONS AFFECTED

Adobe posted that Adobe Commerce 2.3.3 and lower were not affected by this vulnerability.

| Product | Version | Platform |
|---|---|---|
| Adobe Commerce | 2.4.3-p1 and earlier versions | All |
| Adobe Commerce | 2.3.7-p2 and earlier versions | All |
| Magento Open Source | 2.4.3-p1 and earlier versions | All |
| Magento Open Source | 2.3.7-p2 and earlier versions | All |

VULNERABILITY DETAILS

* Category: Improper Input Validation (CWE-20)
* Vulnerability Impact: Arbitrary Code Execution
* Severity: Critical
* Pre-authentication: Yes
* Admin Privileges Required: no
* CVSS Base score: 9.8
* CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* Magento Bug ID: PRODSECBUG-3118
* CVE Number: CVE-2022-24086

GURUBARAN S (http://gbhackers.com): Gurubaran is a PKI Security Engineer. Certified Ethical Hacker, Penetration Tester, Security blogger, Co-Founder & Author of GBHackers On Security.