Topic: Magento webshop vulnerable to CSRF exploits and so-called shoplift on Magento...


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
No patch SUPEE-6482 was found to be implemented on the Content Management Software of this website.

Actually online customers should be warned against visiting such insecure Magento webshop sites.
Re: https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/

Sloppiness in updating, upgrading and patching should be punished through a general shown hall of shame
for those website admins and hosters that do a lousy and insecure job and put themselves and others at risk.  :( 
Alas we are not used to castigate them in public.  :o

See: https://www.magereport.com/scan/?s=https://quick.qsl-webshop.com/
Where we stumbled upon it:
Quote
https://www.shodan.io/host/195.160.161.138
Identifiant client
-195.160.161.138
Paragon Data GmbH
Added on 2018-08-31 02:39:57 GMT
Germany
Technologies: PHP, Magento
Details
 SSL Certificate
Issued By:
|- Common Name: COMODO RSA Organization Validation Secure Server CA
|- Organization: COMODO CA Limited
Issued To:
|- Common Name: -*.qsl-webshop.com
|- Organization: Meyer Quick Service Logistics GmbH & Co. KG
Supported SSL Versions
TLSv1, TLSv1.1, TLSv1.2

HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 31 Aug 2018 02:39:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.17-1+0~20180505045738.17+stretch~1.gbpde69c6
Set-Cookie: store=qu_fr_fr; expires=Sa...

More insecurity established here: https://webhint.io/scanner/9b909295-e1b5-46ee-9bd8-e1e1366a9da8
with 97 security errors detected

F-grade security status and recommendations: https://observatory.mozilla.org/analyze/quick.qsl-webshop.com

This should not be publicly available: -https://quick.qsl-webshop.com/qu_fr_fr/customer/account/login/
See: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=cXVbXmsucXNsLXd7YnNoXXAuXl1t~enc  -> host details https://www.shodan.io/host/195.160.161.138

front-end error in login uri:
Quote
-quick.qsl-webshop.com/fr/customer/account/login/
     status: (referer=http:/XXX/web?q=puppies)saved 19701 bytes 89062791ad0f0a35b313706dc2661344b9784225
     info: [script] -quick.qsl-webshop.com/static/version1535007181/_cache/merged/8ad6525cd0b4c92d631cf9bda5c59d13.min.js
     info: [decodingLevel=0] found JavaScript
     error: line:182: SyntaxError: invalid label:
          error: line:182: "*": {
          error: line:182: ........^
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!doctype html>
          error: line:3: ..............^
     file: 89062791ad0f0a35b313706dc2661344b9784225: 19701 bytes
Invalid label code reuse attack possible - method of local exploit on invalid label (pol).
Response should not include disallowed 'x-powered-by' header here & 'set-cookie' header to set 'phpsessid' doesn't have the 'secure' directive. In code:
Quote
<input name="form_key" type="hidden" value="KxxxxxxxxxIUV2N">

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: August 31, 2018, 07:00:25 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
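
The two header findings in the post above (an `x-powered-by` header in the response and a `phpsessid` cookie set without the `secure` directive) can be checked mechanically. The following Python is an added example, not part of the original post: the sample response is constructed, the function names are hypothetical, and it goes slightly beyond the post by also flagging a versioned `Server` header and a missing `HttpOnly` attribute.

```python
import re

# Constructed sample response for illustration; not captured from any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.10.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Powered-By: PHP/7.1.17\r\n"
    "Set-Cookie: PHPSESSID=constructedvalue; path=/; HttpOnly\r\n"
    "Set-Cookie: store=example_store; Max-Age=3600; path=/\r\n"
    "\r\n"
    "<!doctype html>"
)

# Assumption: PHPSESSID (PHP's default session cookie name) is the only
# cookie treated as a session cookie here.
SESSION_COOKIES = {"phpsessid"}


def parse_headers(raw):
    """Return (lowercased name, value) pairs; repeated headers are kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_headers(raw):
    """List header findings: stack disclosure and weak session cookies."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "x-powered-by":
            findings.append(f"x-powered-by present: {value}")
        elif name == "server" and re.search(r"\d+\.\d+", value):
            findings.append(f"server discloses version: {value}")
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            if cookie.lower() in SESSION_COOKIES:
                for flag in ("secure", "httponly"):
                    if flag not in attrs:
                        findings.append(f"cookie {cookie} lacks {flag}")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_RESPONSE):
        print(finding)
```

PHP's own settings for these two findings are `expose_php = Off` and `session.cookie_secure = 1` in php.ini.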

Offline polonus

Re: Mage syntax vulnerability and 119 security errors in Magento webshop
« Reply #1 on: September 01, 2018, 03:37:33 PM »
Another one with security vulnerabilities and missing patches:
-> https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bWJdLm18bG1ie31nd3tic2hdcC5ubA%3D%3D~enc
and -> https://www.magereport.com/scan/?s=https://mbo.malmbergwebshop.nl/
1 retirable jQuery library detected: -> https://retire.insecurity.today/#!/scan/40c8109fe2094989fb6bc300569e49bc75b2d1063ecc8dadab96fdb97eb93ef3
119 security errors -> https://webhint.io/scanner/bf51c649-871f-4071-a267-c2f4d507a58d
F-grade security and recommendations: -> https://observatory.mozilla.org/analyze/mbo.malmbergwebshop.nl
I-grade security -> https://observatory.mozilla.org/analyze/mbo.malmbergwebshop.nl#tls
A-B-E-X status -> https://observatory.mozilla.org/analyze/mbo.malmbergwebshop.nl#third
Re: -> https://urlscan.io/domain/mbo.malmbergwebshop.nl
Re: -> https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fmbo.malmbergwebshop.nl
Re: -> https://www.shodan.io/host/52.211.193.107   -> https://webcookies.org/cookies/mbo.malmbergwebshop.nl/19369962

Code error in Mage
Quote
  found JavaScript
     error: undefined variable Mage
     error: undefined variable Mage.Cookies
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var Mage.Cookies = 1;
          error: line:1: ....^
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!doctype html>
          error: line:3: ..............^
     file: 0b2c7b2d51d032748e499d0b427bbdc6b46da95f: 32326 bytes

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: September 01, 2018, 03:39:48 PM by polonus »