TagsMagentoAuthenticated Magento RCE with deserialized PHAR filesBack in August 2019, I reported a security vulnerability in Magento affecting versions 2.3.2, 2.3.3, and 2.3.4 using the HackerOne bug bounty platform. The bug impacted some installations of Magento and it allowed us to gain Remote Code Execution based on the way PHAR files are deserialized and by abusing Magento’s Protocol Directives.Author(s)Alexandru PostolachePublished at03 Aug 2022Updated at18 Jul 2023
Authenticated Magento RCE with deserialized PHAR filesBack in August 2019, I reported a security vulnerability in Magento affecting versions 2.3.2, 2.3.3, and 2.3.4 using the HackerOne bug bounty platform. The bug impacted some installations of Magento and it allowed us to gain Remote Code Execution based on the way PHAR files are deserialized and by abusing Magento’s Protocol Directives.Author(s)Alexandru PostolachePublished at03 Aug 2022Updated at18 Jul 2023