Skip to content
Proof of Concept code of the Shoplift code
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitattributes
.gitignore
README.md
poc.py

README.md

Magento-Shoplift-SQLI

Proof of Concept code of the Shoplift code

This is code exploits a few pretty big flaw in the very popular webshop CMS Magento.

I did not find the exploit, all credits go to Checkpoint. You can read their technical public disclosure here: Analyzing the Magento Vulnerability

Sucuri has a nice blog post about how this flaw is being exploited in the wild: Magento Shoplift (SUPEE-5344) Exploits in the Wild

Byte.nl made a online scanner to see if a website is vulnerable: https://shoplift.byte.nl/

You can’t perform that action at this time.