Examining Unique Magento Backdoors

During a recent investigation into a compromised Magento ecommerce environment, we discovered five different backdoors, each of which would provide attackers with code execution capabilities. The techniques used in these backdoors illustrate the ever-changing landscape of website security and highlight some of the tactics used to avoid traditional backdoor detection.

Reflection Functions

One such backdoor was appended to the Magento core file /errors/503.php:

This sample takes user input from the “ID” URL parameter and builds a reflection function, where the object stored in the $func variable will now reflect whichever function the attacker passed as input.
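
One way to hunt for this pattern during triage, as an added example (not code from the original post): a Python scanner that flags `ReflectionFunction` objects built from request input, either directly or through an intermediate variable. The regexes, the function name `find_tainted_reflection` and the sample PHP are constructed for illustration and assume one statement per line.

```python
import re

# PHP superglobals that carry request-controlled data.
SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\b")
# `$var = <expr>;` assignments, used for simple line-by-line taint tracking.
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?![=>])\s*([^;]*);")
# `new ReflectionFunction(<arg>);` (PHP class names are case-insensitive).
REFLECT = re.compile(r"new\s+\\?ReflectionFunction\s*\(([^;]*?)\)\s*;", re.I)
VAR = re.compile(r"\$[A-Za-z_]\w*")


def _is_tainted(expr, tainted):
    """True if expr reads a superglobal or a variable already marked tainted."""
    return bool(SUPERGLOBAL.search(expr)) or any(v in tainted for v in VAR.findall(expr))


def find_tainted_reflection(php_source):
    """Return (line_number, line) pairs where ReflectionFunction is built
    from request input, directly or via a variable assigned from it."""
    tainted, hits = set(), []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        # Check reflection calls first, using taint known before this line.
        for m in REFLECT.finditer(line):
            if _is_tainted(m.group(1), tainted):
                hits.append((lineno, line.strip()))
        # Then update taint state from any assignment on this line.
        for m in ASSIGN.finditer(line):
            var, expr = m.group(1), m.group(2)
            if _is_tainted(expr, tainted):
                tainted.add(var)
            else:
                tainted.discard(var)  # reassigned from a clean value
    return hits


# Constructed sample modelled on the description above; not the real 503.php code.
SAMPLE = r"""<?php
$rf = new ReflectionFunction('strlen');
$func = new ReflectionFunction($_GET['ID']);
$name = $_REQUEST['ID'];
$alt = new \ReflectionFunction($name);
$cb = 'trim';
$ok = new ReflectionFunction($cb);
"""

if __name__ == "__main__":
    for lineno, text in find_tainted_reflection(SAMPLE):
        print(f"line {lineno}: {text}")
```

A hit in a core file such as /errors/503.php is best confirmed by comparing the file against a clean copy of the same Magento release, since a regex scan misses multi-line statements and other indirection.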

Continue reading Examining Unique Magento Backdoors at Sucuri Blog.

Story added 4. August 2021, content source with full text you can find at link above.