This vulnerability allowed unauthenticated users to execute arbitrary SQL commands. GitHub PoCs for this often show how to extract the admin_user table, which contains the salted hashes of administrator passwords.
The vulnerability resides in the way Magento handled guest checkouts and processed specific requests through the Mage_Adminhtml_DashboardController. An attacker could send a specially crafted POST request to the server that bypassed authentication.
Beyond Shoplift, Magento 1.9.0.0 is susceptible to several other exploits frequently documented in GitHub repositories: