Comments on: Hacking Magento

By: Hacking

Hacking — Mon, 30 Jan 2012 07:21:02 +0000

Someone necessarily lend a hand to make critically articles I might state. That is the very first time I frequented your website page and up to now? I amazed with the analysis you made to create this particular post incredible. Excellent job!

By: Jason McKenzie

Jason McKenzie — Mon, 05 Sep 2011 03:15:01 +0000

can it be hacked though

By: bob

bob — Wed, 27 Oct 2010 06:53:48 +0000

still, that eval is unnecessary.
eval(‘$this->’.$string.’=”‘.$value.’”;’);
could be written as
$this->$string=$value;

By: Five Bad Reasons for using Magento at Nicollet.Net

Five Bad Reasons for using Magento at Nicollet.Net — Fri, 11 Jun 2010 06:42:20 +0000

[...] Hacking Magento : a peek at various common security vulnerabilities and whether Magento is subject to them [...]

By: Magento/Wordpress injection vulnerability | Manchester Magento web design, development, Magento hosting and aftercare :: sonassi

Wed, 13 Jan 2010 19:20:38 +0000

[...] is a nice article on hacking Magento at nicollet.net. Last 5 posts in Knowledge BaseIMAP/POP3/SMTP DetailsQuick script to batch create [...]

By: Victor Nicollet

Victor Nicollet — Sat, 28 Mar 2009 02:11:19 +0000

I didn’t say Magento was secure, I just said there were no obvious security flaws on the other hand, there are a few XSRF vulnerabilities, as recently illustrated.

By: Krystian

Krystian — Fri, 27 Mar 2009 20:38:20 +0000

Hehe, very nice article, we had few websites hacked by the Joomla’s password inject thingie, painful

So it seems that Magento is secure as hell, very nice analysis.

I cannot not notice that you didn’t “end” your post, it seems like it just got cut, you could write some kind of summary at the end.

But still overall, a very nice description of Magento’s defence system