Articles by Willems Lab from January 2019
An Interest In:
Web News this Week
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
< Return to Willems Lab details.
12:00 am - Tue, January 29, 2019
Willems Lab
Bad extensions now main source of Magento hacks: a solution!
In October last year I discovered several Magento extension 0days. As it turns out, this was only the tip of the iceberg: today, insecure 3rd party extensions are used to hack into thousands of stores...
12:00 am - Sun, January 20, 2019
Willems Lab
MySQL client allows MySQL server to request any local file
This week I discovered that large ecommerce and government sites got hacked via the Adminer database tool. As it turns out, the root cause is a protocol flaw in MySQL. Curiously, it is described in th...
12:00 am - Thu, January 17, 2019
Willems Lab
Adminer leaks passwords; Magecart hackers rejoice
Adminer up to 4.6.2 found vulnerable, all should upgrade to 4.7.0
Adminer is a popular PHP tool to administer MySQL and PostgreSQL databases. However, it can be lured to disclose arbitrary files. ...