7 min read 5 Nov 2019 by Robin Peraglie
11 min read 2 Jul 2019 by Simon Scannell
This blog post shows how the combination of an HTML sanitizer bug and a Phar deserialization in the popular eCommerce solution Magento <=2.3.1 leads to a high-severity exploit chain. This chain can be abused by an unauthenticated attacker to fully take over certain Magento stores and to redirect payments.
7 min read 20 Nov 2018 by Simon Scannell
5 min read 14 Aug 2018 by Johannes Dahse