| <?php | |
| use Rector\CodeQuality\Rector\Class_\CompleteDynamicPropertiesRector; | |
| use Rector\Config\RectorConfig; | |
| return static function (RectorConfig $rectorConfig): void { | |
| $rectorConfig->rule(CompleteDynamicPropertiesRector::class); | |
| // Define directories to check | |
| $directories = [ |
https://helpx.adobe.com/security/products/magento/apsb23-50.html
The vulnerability with the highest CVSS score of 8.8 (CVE-2023-38218) states that it is an unauthenticated privilege escalation due to improper input validation.
If we look at the diff we see a number of security related changes. One of those changes is the following in Magento\Customer\Plugin\Webapi\Controller\Rest\ValidateCustomerData::validateInputData:
As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.
(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))
**1.
| <?php | |
| declare(strict_types=1); | |
| use Symfony\Component\Console\Output\OutputInterface; | |
| use BigBridge\ProductImport\Api\Importer; | |
| use Magento\Catalog\Api\ProductRepositoryInterface; | |
| use Magento\Framework\Exception\NoSuchEntityException; | |
| use BigBridge\ProductImport\Api\Data\SimpleProduct; | |
| use BigBridge\ProductImport\Api\Data\SimpleProductFactory; | |
| use BigBridge\ProductImport\Api\ImportConfigFactory; | |
| use BigBridge\ProductImport\Api\ImporterFactory; |
To setup your computer to work with *.test domains, e.g. project.test, awesome.test and so on, without having to add to your hosts file each time.
| <?php | |
| namespace MagentoTools; | |
| class Generator | |
| { | |
| private $config = [ | |
| 'type' => CsvSnapshotConfig::class, | |
| 'left' => null, | |
| 'right' => null, |
| /** | |
| * Copyright © Magento, Inc. All rights reserved. | |
| * See COPYING.txt for license details. | |
| * | |
| * => app/design/adminhtml/Namespace/project_name/web/mage/adminhtml/wysiwyg/tiny_mce/tinymce4Adapter.js | |
| */ | |
| /* global popups, tinyMceEditors, MediabrowserUtility, Base64 */ | |
| /* eslint-disable strict */ | |
| define([ |
| # =========================================================================== | |
| # Requirements | |
| # * gh CLI: https://cli.github.com (make sure you are logged-in to the CLI) | |
| # * jq CLI: https://stedolan.github.io/jq | |
| # =========================================================================== | |
| export TARGET_USER=github_user_or_org | |
| export TARGET_REPO=github_repo_name | |
| while : |
Courant septembre, j'ai testé un développement qui cherche des patterns parmi (les certificats TLS venant d'être délivrés publiquement)[http://certstream.calidog.io/]. La limite de cette recherche, c'est qu'elle s'applique sur des noms de domaines et pas des URL complètes ! Il suffit de filtrer ces certificats avec le mot-clé « paypal » pour obtenir des dizaines de noms de domaines malveillants par jour, avec parfois... juste un .zip à la racine. Comme j'en ai attrapé quelques-uns (ici 16shop), c'est l'occasion de les décortiquer ;)
Essayons de comprendre comment les attaquants travaillent !
