Filter by tag: magento

Magento 2.3.1: Unauthenticated Stored XSS to RCE

11 min read 2 Jul 2019 by Simon Scannell
This blog post shows how the combination of a HTML sanitizer bug and a Phar Deserialization in the popular eCommerce solution Magento <=2.3.1 lead to a high severe exploit chain. This chain can be abused by an unauthenticated attacker to fully takeover certain Magento stores and to redirect payments.