A recently discovered flaw in the popular e-commerce platform Magento allows attackers to upload files through a chain of vulnerabilities. Once uploaded, these files could enable remote code execution that could potentially expose the site’s entire database, including content, customer credit card information, and other sensitive data.
A successful attack involves some social engineering. To exploit the vulnerability, an attacker would send a link to the Magento administrator directing them to a malicious website where they would be tricked into downloading a .htaccess configuration file. This file enables PHP execution inside the download directory and the downloading of the malicious PHP file itself.
The PHP script can then be used as a backdoor to access an internal location, enabling the attacker to browse the server directories and retrieve the database password from Magento’s configuration file. With that password, the attacker would then have full access to all database information, such as customer card numbers and email addresses that could be used to send spam.
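The chain above leaves two artifacts in a directory that should only ever hold static downloads: an .htaccess file that switches PHP execution on, and a PHP script where no PHP belongs. The following scanner is an added example written for this post, not Oracle Dyn's protection rule and not Magento code; it assumes an Apache-style .htaccess (directive names are standard Apache and mod_php ones) and a directory path you supply, such as the site's media or download directory.

```python
import os
import re
from typing import Dict, List

# Added example, not Magento or Oracle Dyn code. Assumes an Apache-style
# .htaccess; the directive names below are standard Apache/mod_php ones.

# Directives that, placed in an .htaccess inside an upload directory, let
# the web server run uploaded files as PHP.
PHP_ENABLING_DIRECTIVES = [
    # maps arbitrary extensions (e.g. .jpg) onto the PHP handler
    re.compile(r"^\s*(AddHandler|SetHandler|AddType)\s+.*php", re.IGNORECASE),
    # turns the PHP engine on for the directory
    re.compile(r"^\s*php_(flag|admin_flag)\s+engine\s+on\b", re.IGNORECASE),
    # per-directory PHP settings (e.g. auto_prepend_file) that can pull code in
    re.compile(r"^\s*php_(value|admin_value)\b", re.IGNORECASE),
    # enables CGI-style execution; "-ExecCGI" (disable) deliberately does not match
    re.compile(r"^\s*Options\b.*(?:\s|\+)ExecCGI\b", re.IGNORECASE),
]

PHP_EXTENSIONS = (".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar")


def find_php_enabling_directives(htaccess_text: str) -> List[str]:
    """Return the non-comment lines of an .htaccess body that enable PHP execution."""
    hits = []
    for line in htaccess_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if any(p.search(stripped) for p in PHP_ENABLING_DIRECTIVES):
            hits.append(stripped)
    return hits


def looks_like_php(name: str, content: bytes) -> bool:
    """Flag a file by PHP extension, or by a PHP open tag hiding behind another extension."""
    if name.lower().endswith(PHP_EXTENSIONS):
        return True
    head = content.lstrip()[:64]
    return head.startswith(b"<?php") or head.startswith(b"<?=")


def classify_entries(entries: Dict[str, bytes]) -> Dict[str, List[str]]:
    """entries maps a path relative to the upload directory to the file's bytes.

    Returns the offending .htaccess directives and the PHP-looking files found,
    each list sorted by path so output is stable."""
    findings: Dict[str, List[str]] = {"htaccess_directives": [], "php_files": []}
    for rel, content in sorted(entries.items()):
        base = os.path.basename(rel)
        if base == ".htaccess":
            for directive in find_php_enabling_directives(content.decode("utf-8", "replace")):
                findings["htaccess_directives"].append(f"{rel}: {directive}")
        elif looks_like_php(base, content):
            findings["php_files"].append(rel)
    return findings


def scan_upload_dir(root: str) -> Dict[str, List[str]]:
    """Walk a real directory on disk (e.g. the site's download directory) and classify it."""
    entries: Dict[str, bytes] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                entries[os.path.relpath(full, root)] = fh.read()
    return classify_entries(entries)


if __name__ == "__main__":
    import sys

    # Usage: python scan_uploads.py /path/to/magento/media
    for key, items in scan_upload_dir(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(key)
        for item in items:
            print("  ", item)
```

Run it from cron or a file-integrity job against every directory the web server is allowed to write to; a clean upload directory should report nothing under either heading. Checking the first bytes of each file, not just its extension, matters because the same .htaccess that enables PHP can also map harmless-looking extensions such as .jpg onto the PHP handler.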
Although the vulnerability was first discovered back in November 2016 during a security audit of Magento Community Edition, the latest version remains unpatched. Oracle Dyn users don’t have to worry.
Oracle Dyn has released a rule protecting platform users from the Magento vulnerability. Our robust threat intelligence blocks any malicious attackers before they have the chance to reach your site and our real-time monitoring alerts you to any suspicious activity.
If you are one of the over 250,000 Magento users out there, don’t go unprotected. Contact us and learn how Oracle Dyn’s platform is designed with e-commerce security in mind.