You can now find Cyber Kendra on Google News | Telegram

Magento Patched Critical Unauthenticated SQL injection [Exploit Released]

Magento SQL injection vulnerability
Magento has released a new security update for its core CMS which contains several vulnerabilities patches. These security updates fix multiple bugs including Cross Site Scripting, RCE, Cross-Site Request Forgery and SQL injection.

Among these, SQL injection bugs were one of the most critical ones as this doesn't need any authentication. It can be exploited without any form of privilege or authentication to the attacker. On the advisory mentioned by the Magento team, affected versions are 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, and 2.3 prior to 2.3.1.

This Unauthenticated SQL injection vulnerability was found by the security firm, Ambionics which had also published all the technical detail of the bug. On the post, they mentioned that they have found two critical vulnerabilities were one of them is unauthenticated SQL injection.

SQL Injections allow an attacker to manipulate site arguments to inject their own commands to an SQL database (Oracle, MySQL, MariaDB, MSSQL). Through this vulnerability, they can retrieve sensitive data from an affected site’s database, including usernames and password hashes.

Ambionics have reported the issue to Magento team via BugCrowd platform. Furthermore, they have also mentioned the patch for the bug which can be done by the site admin (if an update is not made). To patch the SQL injection browse to File: vendor/magento/framework/DB/Adapter/Pdo/Mysql.php Line: 2907, and make the following changes.
- $query = $this->_prepareQuotedSqlCondition($query . $conditionKeyMap['to'], $to, $fieldName);
+ $query = $query . $this->_prepareQuotedSqlCondition($conditionKeyMap['to'], $to, $fieldName);

Moreover, Ambionics have also published the exploit code for this bug on GitHub and can be found here.

The SQL vulnerability is very easy to exploit, and we encourage every Magento site owner to update to these recently patched versions to protect their e-commerce websites. Unauthenticated attacks, like the one seen in this particular SQL Injection vulnerability, are very serious because they can be automate.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.