Connect with us

Ecommerce Security

Examining Unique Magento Backdoors

Published

on

Examining Unique Magento Backdoors



Examining Unique Magento Backdoors

During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoors illustrates the ever-changing landscape of website security and highlights some of the tactics used to avoid traditional backdoor detection.

Reflection Functions

One such backdoor was appended to the Magento core file /errors/503.php:

This sample takes user input from the “ID” URL parameter and builds a reflection function, where the object stored in the $func variable will now reflect whichever function the attacker passed as input.

Continue reading Examining Unique Magento Backdoors at Sucuri Blog.



Source link

Continue Reading
Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.