[marak830]

I'm still confused as to how they could insert code here.

Are we talking about a server intrustion where they modified the actual cart code, or something between Newegg and the payment servers? (Sorry this isn't my domain, I'm just curious)

[lacker]

It looks to me like a server intrusion where they modified static files kept on a webserver (like apache or nginx). But it also seems like we don't have enough evidence to know for sure. (Edit: or they might have been static files kept on a CMS.)