This repository contains a demonstration of the Magento Shoplift vulnerability exploit, also known as Magento Remote Code Execution (RCE) vulnerability. This exploit is provided solely for educational purposes as part of an academic assignment. It is not intended to be used for any malicious activities or to compromise any systems without proper authorization.
- This exploit should only be used in controlled environments, such as virtual machines or isolated networks, for educational and research purposes.
- Execute the exploit using
python3 magento_rce.py <target_url> <username> <password>
command. - Do not attempt to use this exploit on any system without explicit authorization.
- The author and contributors of this repository are not responsible for any misuse or damage resulting from the use of this exploit.
The Magento Shoplift vulnerability, also known as Magento Remote Code Execution (RCE) vulnerability, is a critical security flaw discovered in Magento eCommerce platform versions prior to 1.9.2.3, 1.9.1.1, and 2.0.1. The vulnerability allows an attacker to execute arbitrary code on the server by exploiting the unserialize() function in the Magento application, potentially leading to the complete compromise of the Magento-based website.
For more information about the Magento Shoplift vulnerability and its impact, refer to the CVE-2015-1397 advisory.