back to article EXTREME COUPONING zeros checkout carts in eBay's Magento

Hacker Netanel Rubin has found a critical remote vulnerability in Ebay's web commerce platform Magento that affects 88,000 shops and allows buyers to purchase anything for free, and compromise credit cards and personal data. The CheckPoint vulnerability hunter says many tat bazaar stores are still exposed to the bug that …

  1. Graham Marsden
    Coat

    I blame...

    ... those pesky X-Men!

  2. Brian Miller 1

    It seems like it would be slightly difficult to exploit

    Firstly, to get anything delivered I would think you need an address at the very least. Second, it would surely be very easy to implement a check for all 0 value transactions made with a coupon, or even any transaction with a coupon discount greater than x%.

    I am not suggesting it should not be fixed in a hurry, but to get away with the goods seems more than trifling difficult.

    1. Jess--

      Re: It seems like it would be slightly difficult to exploit

      it has been fixed since february provided all sites have updated to versions since then, only sites running older versions are vulnerable. The problem is that there are a lot of sites running the older version, direct quote from a friend that has used it "it's an updating nightmare and the admin side is horrific"

      1. gollux

        Re: It seems like it would be slightly difficult to exploit

        All sites running versions up to CE 1.9.1.0 are vulnerable... Until patched.

        Your highly paid for Enterprise version also is a wide open swinging barn door.

        And Magento suffers regression errors, when you upgrade, the core patched files are overwritten which causes your website to be open to the wide world all over again until re-patched with ALL the patches that apply to your current version.

        The patch is a shell script patch that needs to be manually run with crossed fingers in the hopes it doesn't blow chunks.

        After patching, you still aren't in the clear... Your fully patched website is still vulnerable.

        If you're running the kludge compiler, recompile. Then clear your Magento cache, best if done by manually deleting the cache subfolders just to be sure. Then, if you're running an opcode cache, better clear that as well.

    2. Mark 85 Silver badge

      Re: It seems like it would be slightly difficult to exploit

      Delivery hasn't been an issue with many fraudulent transactions... either on E-Bay or using a stolen card. The perps use a drop type address.. empty house, a willing "friend", etc. I remember hearing one tail were stuff was being sent to an open field that some conveniently put a mail box near the sidewalk and would meet the UPS driver for the delivery.

      One should never underestimate miscreants. They can be truly inventive.

      1. gollux

        Re: It seems like it would be slightly difficult to exploit

        And if you're offering downloadables, it's all free.

  3. gollux

    Mag-E-Bay...

    Kind of a really snaky path from initial release to final exploit. It was one of Mag-E-Bay's best kept secrets that a patch existed till recently...

    https://www.ostraining.com/blog/general/magento-shoplift/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020