hacker at work on our Magento webshop? #127

Open
JoachimH-BE opened this issue Aug 6, 2024 · 1 comment

@JoachimH-BE

Hi,

We received 2 orders in one week with a strange code on our Magento webshop.
The address mentioned and the ordered item is identical in these 2 orders.

This is the HTML code.
Is this a hacker??

<style type="text/css">@import url("https://brightbaits.com/pub/static/version1686633819/frontend/BrightBaits/default/en_US/css/email-fonts.css"); </style>

firstname

Error filtering template: Warning: system() has been disabled for security reasons in /home/bbbwebvantage/public_html/vendor/magento/framework/Filter/Template.php on line 205,

Thank you for your order from Bright Baits Belgium. Once your package ships we will send an email with a link to track your order. If you have questions about your order, you can email us at [email protected] or call us at +32496835589.

Your Order #2000863
Placed on Aug 5, 2024, 11:18:08 PM

Email Address:
[email protected]

Billing Info

<style type="text/css">@import url("https://brightbaits.com/pub/static/version1686633819/frontend/BrightBaits/default/en_US/css/email-fonts.css"); </style>

firstname

Error filtering template: Warning: system() has been disabled for security reasons in /home/bbbwebvantage/public_html/vendor/magento/framework/Filter/Template.php on line 205

123 Oak Ave
New York, New York, 10577
United States
T: 512 555 1111

Shipping Info

<style type="text/css">@import url("https://brightbaits.com/pub/static/version1686633819/frontend/BrightBaits/default/en_US/css/email-fonts.css"); </style>

firstname

Error filtering template: Warning: system() has been disabled for security reasons in /home/bbbwebvantage/public_html/vendor/magento/framework/Filter/Template.php on line 205

123 Oak Ave
New York, New York, 10577
United States
T: 512 555 1111

Greetings
Joachim Hautekeete
Belgium

@hostep
Contributor

hostep commented Aug 6, 2024

This seems like an attempt to exploit CVE-2022-24086 (from 2 years ago, see https://helpx.adobe.com/security/products/magento/apsb22-12.html).

If your shop is patched against that vulnerability or you are using a recent Magento version, you shouldn't be worried about it.

But if you want to prevent orders with such an address, there is a pretty new community module that tries to block orders with these sorts of weird addresses: https://github.com/DeployEcommerce/module-trojan-order-prevent (I haven't tested it myself, but somebody mentioned it in the #security channel of the Magento EngCom Slack workspace).
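
An added example, not part of either comment above and not code from the linked module: a small triage script that scans rendered order e-mails for the "Error filtering template" marker quoted in the issue and reports the order number, the sections it appears in, and any disabled PHP function named in the warning. The function name `triage_order_email`, the `Header` section label, the placeholder path and both sample e-mails are constructed for illustration.

```python
import re

# Marker Magento's template filter leaves in rendered output (text as quoted in the issue).
MARKER_RE = re.compile(r"Error filtering template:\s*(.*)")
DISABLED_RE = re.compile(r"(\w+)\(\) has been disabled for security reasons")
ORDER_RE = re.compile(r"Your Order #(\d+)")
SECTIONS = ("Billing Info", "Shipping Info")

ERR = ("Error filtering template: Warning: system() has been disabled for security "
       "reasons in /path/to/vendor/magento/framework/Filter/Template.php on line 205")

# Constructed samples: one shaped like the e-mail in the issue, one ordinary order.
SUSPECT_EMAIL = "\n".join([
    "firstname", ERR, "Your Order #2000863", "Billing Info", "firstname", ERR,
    "123 Oak Ave", "Shipping Info", "firstname", ERR, "123 Oak Ave",
])
CLEAN_EMAIL = "\n".join([
    "Jane Doe", "Your Order #2000001", "Billing Info", "Jane Doe", "1 Example St",
    "Shipping Info", "Jane Doe", "1 Example St",
])

def triage_order_email(text):
    """Report the order number and where the template filter raised an error."""
    order = ORDER_RE.search(text)
    section = "Header"  # hypothetical label for everything before "Billing Info"
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if line in SECTIONS:
            section = line
        marker = MARKER_RE.search(line)
        if marker:
            disabled = DISABLED_RE.search(marker.group(1))
            hits.append((section, disabled.group(1) if disabled else None))
    return {
        "order": order.group(1) if order else None,
        "suspicious": bool(hits),
        "sections": [s for s, _ in hits],
        "functions": sorted({f for _, f in hits if f}),
    }

if __name__ == "__main__":
    for name, mail in (("suspect", SUSPECT_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, triage_order_email(mail))
```
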
