Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Declare Hack


Recommended Posts

Has anyone noticed the declare hack in the 'who's online' feature recently? It seems i'm being hit with it every day. The URL looks something like this:




I've been reading about it, and it seems it is a hack that is trying to get into your SQL database to plant things in there.

Is the oscommerce script protected against this hack, or is ther any updates available for this?

Link to comment
Share on other sites



Remember, What you think I ment may not be what I thought I ment when I said it.




Auto Backup your Database, Easy way


Multi Images with Fancy Pop-ups, Easy way


Products in columns with multi buy etc etc


Disable any Category or Product, Easy way


Secure & Improve your account pages et al.

Link to comment
Share on other sites

I have put the following in my htaccess file:


RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC]

RewriteRule .* - [F]


Can anyone see any problems with this rewrite?

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...