Tag Archives: CSRF

Opencart has been the most sought-after platform as a store management system for e-commerce merchants. Owing to its simplified design, interactive UI and ease of use, Opencart is largely favored for online retail. However, its popularity has also made Opencart an attractive target for hackers and other attackers with malicious intent. As…

Magento SUPEE-10266 and New Versions: Update Immediately

Magento, one of the most favored e-commerce platforms, is often a target for cyber-criminals. It owes its huge popularity to its strict security practices, timely updates of the system core and immediate fixes to security issues. Magento's latest security update contains multiple security enhancements. These updates relate to Magento Open Source (formerly Community Edition) and Magento Commerce (formerly Enterprise Edition).…

Third in line for the world's most popular Content Management System after juggernauts WordPress and Joomla, Drupal is a sought-after CMS powering websites including MTV, Popular Science, Sony Music, Harvard and MIT. Like every other CMS, Drupal has been at the center of notoriety a few times due to vulnerabilities in it. Listed below are the 5 most critical…

Recently, we published an update on a severe Magento vulnerability that was released by the DefenseCode team. Soon after, Bosko Stankovic (the DefenseCode researcher who discovered this Magento vulnerability) released a follow-up article. Bosko confirms that Magento would be patching these in the upcoming updates. Through this article, Astra aims to explain the severity of these vulnerabilities, and how one needs to…

CSRF - All You Need to Know - Astra Security

Cross-Site Request Forgery (CSRF) is one of the most rampantly occurring online attacks. Also notoriously known as XSRF or “Sea-Surf”, it is listed as the 8th most common web application vulnerability in the OWASP Top 10 report of 2017 cyber-attacks.

Understanding CSRF

Execution of a CSRF attack involves a malicious website sending a request to a web application via another formerly authenticated…

Recently, a new severe 0-day Magento vulnerability was released by the DefenseCode team in an advisory. If you are vulnerable to this, attackers are capable of remotely executing arbitrary code. As of now, the vulnerability has been confirmed for the Magento Community Edition, as the researcher did not test the Enterprise Edition. But since both versions use the same base code there is…
