The open-source e-commerce platform Magento sits at the centre of retail giant eBay (and of many other e-retailers across the globe), handling the online purchases and transactions that take place on their websites. That is probably why, when Vulnerability Lab's security researcher Hadji Samir found three security flaws in Magento in March, no time was lost in putting experts onto the issues, and the vulnerabilities have now been permanently fixed.
The first of these was a Cross-Site Request Forgery (CSRF) in the front end of the official Magento Commerce Premium Theme web application. The affected requests were accepted without secure validation or a session token (anti-CSRF) check, so a remote attacker could make a logged-in user's browser execute client-side application functions without authorization; according to the advisory, this could also have been used to inject scripts into the application side of the service module.
The second flaw was an input-validation issue in the way the site handled data fed to it. To exploit it, the attacker needed a low-privilege user account on the application side. This has now been patched as well.
The third vulnerability was again a CSRF, this time in the Magento application's messages module, and it again required the attacker to possess a low-privilege user account. Once those conditions were met, an attacker could delete other users' internal Magento messages without their consent; the advisory also lists man-in-the-middle (MITM) attacks that could then be used to intercept user sessions.
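Both CSRF issues come down to the same thing: a state-changing request (here, deleting a message) is accepted on the strength of the session cookie alone, which the victim's browser attaches to any cross-site form submission. The Python below is an added illustration of that failure and of the synchronizer-token fix, not Magento's own code; the session store, message store, the `form_key` parameter name and the handler signatures are constructed for the example.

```python
"""Synchronizer-token CSRF protection: vulnerable vs. hardened delete handler.

Added illustration; not Magento code. SERVER_SECRET, SESSIONS, MESSAGES and
the handler signatures are constructed for this example.
"""
import hashlib
import hmac
import secrets
from copy import deepcopy

# Constructed server-side state: a per-process secret, two logged-in sessions
# (cookie value -> user) and an internal message box keyed by message id.
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}
MESSAGES = {
    1: {"owner": "alice", "text": "order #1001 shipped"},
    2: {"owner": "bob", "text": "password reset requested"},
}


def make_csrf_token(session_id):
    """Per-session token derived from a server secret: a third-party site can
    neither read it (same-origin policy) nor compute it (no secret)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id, presented):
    """Constant-time comparison; a missing token is rejected, never skipped."""
    if not presented:
        return False
    return hmac.compare_digest(make_csrf_token(session_id), presented)


def delete_message_vulnerable(cookies, params, store):
    """Trusts the session cookie alone. A hidden form on an attacker's page,
    auto-submitted from the victim's browser, carries that cookie and succeeds."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return 401, "not logged in"
    msg = store.get(params.get("id"))
    if msg is None or msg["owner"] != user:
        return 404, "no such message"
    del store[params["id"]]
    return 200, "deleted"


def delete_message_hardened(cookies, params, store):
    """Same handler, but refuses to change state unless the request carries the
    form key that only a page rendered for this very session could embed."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return 401, "not logged in"
    if not csrf_token_valid(cookies.get("session"), params.get("form_key")):
        return 403, "invalid form key"
    msg = store.get(params.get("id"))
    if msg is None or msg["owner"] != user:
        return 404, "no such message"
    del store[params["id"]]
    return 200, "deleted"


def run_scenarios():
    """Replay a forged cross-site request and a legitimate one against both handlers."""
    # Forged request: Bob's browser submits the attacker's form; the cookie is
    # attached automatically, but the attacker has no form key for Bob's session.
    forged_cookies = {"session": "sess-bob"}
    forged_params = {"id": 2}

    vulnerable_store = deepcopy(MESSAGES)
    vuln_status, _ = delete_message_vulnerable(forged_cookies, forged_params, vulnerable_store)

    hardened_store = deepcopy(MESSAGES)
    forged_status, _ = delete_message_hardened(forged_cookies, forged_params, hardened_store)

    # A token obtained from Alice's session is bound to her session, not Bob's.
    stolen_params = {"id": 2, "form_key": make_csrf_token("sess-alice")}
    stolen_status, _ = delete_message_hardened(forged_cookies, stolen_params, hardened_store)

    # Legitimate request: Bob's own page embedded the key for his session.
    legit_params = {"id": 2, "form_key": make_csrf_token("sess-bob")}
    legit_status, _ = delete_message_hardened(forged_cookies, legit_params, hardened_store)

    return {
        "forged_vs_vulnerable": vuln_status,                 # 200: Bob's message gone
        "vulnerable_messages_left": len(vulnerable_store),   # 1
        "forged_vs_hardened": forged_status,                 # 403
        "alice_token_vs_bob_session": stolen_status,         # 403
        "legit_vs_hardened": legit_status,                   # 200
        "hardened_messages_left": len(hardened_store),       # 1
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The token check sits before any state change and treats an absent token as a failure rather than falling through, which is the gap the two Magento advisories describe. Binding the token to the session (rather than issuing one global value) is what makes a key lifted from one low-privilege account useless against another user's session.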
Although these weaknesses were discovered and submitted to the eBay security team through the company's bug bounty program back in March, we are only hearing about them now, for obvious reasons, after all the holes were firmly plugged by a patch eBay issued in May.