The attacks carried out by the Magecart group on online payment transactions may well have exploited a flaw in the PHP tool Adminer, widely used by administrators of MySQL and PostgreSQL databases.
A vulnerability identified in Adminer, a PHP tool used to administer several databases including MySQL and PostgreSQL, lets attackers read data from, or inject data into, websites and e-commerce sites backed by open source databases. The flaw involves the MySQL LOAD DATA statement. It was first reported by the Security Boulevard website; several other sites, including BleepingComputer, and security researchers have since commented on and detailed it, notably on Reddit.
The flaw can be exploited to read any file the client has read access to, during an interaction between that client and a MySQL server, when the client has been configured to accept connections to untrusted servers. The MySQL documentation itself warns of the risks of LOAD DATA with the LOCAL keyword, which makes the file be read on the client machine rather than on the server. An attacker running a malicious server can answer any query from the client with a LOAD DATA LOCAL request naming an arbitrary path, and the client will send back the contents of that file if it can read it.
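The exchange described above, modelled in Python as an added example (this is not code from the article, from Adminer or from any MySQL driver): the rogue server answers a plain SELECT with the 0xFB "LOCAL INFILE request" packet, and three client configurations show the vulnerable behaviour beside the hardened ones. The in-memory FAKE_FS dictionary stands in for the client host's filesystem and is constructed for the demo; the check_statement option, which only honours the request after the client itself issued a LOAD DATA LOCAL statement, is one defensive design and is an assumption here, not a description of what any particular driver does.

```python
import re

LOCAL_INFILE_MARKER = 0xFB   # first payload byte of the server's "LOCAL INFILE request"
CLIENT_LOCAL_FILES = 0x80    # capability flag a client advertises when it will serve local files

# Constructed stand-in for the client host's filesystem: path -> bytes the client can read.
FAKE_FS = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/var/www/html/app/etc/env.php": b"<?php return ['db' => ['password' => 'hunter2']];\n",
    "/tmp/upload.csv": b"1,alice\n2,bob\n",
}


def frame_packet(payload: bytes, seq: int) -> bytes:
    """MySQL wire framing: 3-byte little-endian payload length, 1-byte sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq & 0xFF]) + payload


def parse_packet(raw: bytes):
    """Inverse of frame_packet; returns (seq, payload) and rejects truncated frames."""
    if len(raw) < 4:
        raise ValueError("short packet")
    length = int.from_bytes(raw[:3], "little")
    payload = raw[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return raw[3], payload


def rogue_server_response(path: str, seq: int = 1) -> bytes:
    """What a malicious server answers to ANY query, instead of a result set: 0xFB + file name."""
    return frame_packet(bytes([LOCAL_INFILE_MARKER]) + path.encode(), seq)


class Client:
    """Minimal model of how a client handles the response to a query it sent."""

    def __init__(self, allow_local_infile: bool, check_statement: bool, fs=FAKE_FS):
        self.allow_local_infile = allow_local_infile  # local_infile / mysqli.allow_local_infile
        self.check_statement = check_statement        # hardened: 0xFB only after our own LOAD DATA LOCAL
        self.fs = fs
        self.last_sql = ""

    def capabilities(self) -> int:
        """Capability bits sent in the handshake; a client with LOCAL INFILE off never offers files."""
        return CLIENT_LOCAL_FILES if self.allow_local_infile else 0

    def send_query(self, sql: str) -> None:
        self.last_sql = sql  # the client's own statement is the only legitimate trigger

    def handle_response(self, raw: bytes):
        seq, payload = parse_packet(raw)
        if payload[:1] != bytes([LOCAL_INFILE_MARKER]):
            return ("resultset", payload)
        path = payload[1:].decode()
        if not self.allow_local_infile:
            return ("refused", path)  # the safe default: never serve files to the server
        if self.check_statement and not re.match(r"\s*LOAD\s+DATA\s+LOCAL\b", self.last_sql, re.I):
            return ("refused", path)  # the server asked for a file we never offered
        data = self.fs.get(path)
        if data is None:
            return ("not_found", path)
        # Legacy behaviour: stream the file in packets, terminated by an empty packet.
        packets = [frame_packet(data, seq + 1), frame_packet(b"", seq + 2)]
        return ("sent", path, packets)


def demo():
    """Run the three configurations against the same rogue response and return their outcomes."""
    rogue = rogue_server_response("/etc/passwd")
    outcomes = {}
    for name, client in {
        "legacy": Client(allow_local_infile=True, check_statement=False),
        "local_infile_off": Client(allow_local_infile=False, check_statement=False),
        "statement_checked": Client(allow_local_infile=True, check_statement=True),
    }.items():
        client.send_query("SELECT 1")  # an innocent query; the server still answers with 0xFB
        outcomes[name] = client.handle_response(rogue)[0]
    return outcomes


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18s} -> {outcome}")
```

Only the legacy client ends up sending /etc/passwd. The first defence is the one the article's MySQL documentation reference points at: disable LOCAL INFILE on the client side (local_infile=0 in the [client] section of the MySQL configuration, mysqli.allow_local_infile=Off in php.ini for PHP applications such as Adminer) so the CLIENT_LOCAL_FILES capability is never offered; the statement check is an additional layer for cases where LOAD DATA LOCAL is genuinely needed.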
Exploited for Magecart attacks on online payments
According to researcher Willem de Groot, speaking in the Reddit discussion on January 20, it is this flaw that the Magecart group of attackers may have exploited to intercept payment transactions on several sites by injecting code into them. The Magecart attacks listed included those on British Airways, Ticketmaster Entertainment and Cathay Pacific Airways. In de Groot's view, the attacks that took place in October 2018 may have gone through this flaw. (mdj)
In a post published a few days ago, the researcher describes the steps that let attackers proceed using Adminer, a tool widely used by administrators of various databases. "Attackers can abuse it to fetch passwords on popular applications like Magento and Wordpress, and take control of the site's database," he wrote, detailing how they go about it. "I tested Adminer versions 4.3.1 to 4.6.2 and found them all vulnerable. Adminer 4.6.3 was released in June 2018 and appears to be safe." He adds that it is unclear whether the security hole was closed deliberately or by chance, as Adminer did not publish a security advisory.