As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it can be exploited to take over a vulnerable Magento site.
They have prepared the following video showing a Proof of Concept (PoC) in which they create a fake coupon:
That’s a simple example. This vulnerability can be exploited in much more devastating ways.
Magento ShopLift in the Wild
As expected, it is now actively being exploited.
In less than 24 hours since the disclosure, we have started to see attacks via our WAF logs trying to exploit this vulnerability. It seems to be coming from a specific crime group, since they all look the same: