Taipo (Author), Posted June 12, 2014

I think if you just include osC_Sec as normal but leave out the other custom code changes that were specifically for 2.2 then it will work fine. Because osCommerce sets PHP_SELF further down in the scope, it doesn't matter what osC_Sec does earlier, it will be overwritten.

Let me know how it goes for you.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

geoffreywalton, Posted June 12, 2014

Hi

I have just been trying to run a cron job and find when the script is run via a url in a browser it works fine but from the command line it generates error messages and the files it is supposed to create/update are not updated.

Via url you get these error messages and the sitemap files are generated

    Notice: Undefined variable: cPath_array in /homepages/x/includes/application_top.php on line 534
    Notice: Undefined variable: cPath_array in /homepages/x/includes/application_top.php on line 534
    Write /homepages/x/sitemapproducts.xml
    Generated Google Product Sitemap Successfully
    Write /homepages//itemapcategories.xml
    Generated Google Category Sitemap Successfully
    Write /homepages/sitemapmanufacturers.xml
    Generated Google Manufacturers Sitemap Successfully
    Write /homepages/sitemapspecials.xml
    Generated Google Specials Sitemap Successfully
    Write /homepages/sitemapindex.xml
    Generated Google Sitemap Index Successfully
    CONGRATULATIONS! All files generated successfully.
    If you have not already submitted the sitemap index to Google click the link below. Before you do I HIGHLY recommend that you view the XML files to make sure the data is correct.
    http://www.google.com/webmasters/sitemaps/ping?sitemap=http%3A%2F%2Fwww.xxx.ca%2Fsitemapindex.xml
    For your convenience here is the CRON command for your site:
    php /kunden/homepages/x/googlesitemap/index.php
    Here is your sitemap index: http://www.xxx.ca/sitemapindex.xml
    Here is your product sitemap: http://www.xxx.ca/sitemapproducts.xml
    Here is your category sitemap: http://www.xxx.ca/sitemapcategories.xml
    Here is your manufacturers sitemap: http://www.xxx.ca/sitemapmanufacturers.xml
    Here is your specials sitemap: http://www.xxx.ca/sitemapspecials.xml

The command

    php5 /homepages/x/htdocs/sites/shop/googlesitemap/index.php

gives these errors:-

    X-Powered-By: PHP/5.2.17
    Content-type: text/html

    <br />
    <b>Notice</b>: Undefined index: SCRIPT_NAME in <b>/homepages/22/d435242159/htdocs/sites/shop/includes/osc_sec.php</b> on line <b>25</b><br />
    <br />
    <b>Notice</b>: Undefined index: SCRIPT_NAME in <b>/homepages/22/d435242159/htdocs/sites/shop/includes/osc.php</b> on line <b>11</b><br />
    <br />
    <b>Notice</b>: Undefined index: SCRIPT_NAME in <b>/homepages/22/d435242159/htdocs/sites/shop/includes/osc_sec.php</b> on line <b>1007</b><br />
    <br />
    <b>Notice</b>: Undefined index: SCRIPT_FILENAME in <b>/homepages/22/d435242159/htdocs/sites/shop/includes/osc_sec.php</b> on line <b>1021</b><br />
    <br />
    <b>Notice</b>: Undefined index: SCRIPT_NAME in <b>/homepages/22/d435242159/htdocs/sites/shop/includes/osc_sec.php</b> on line <b>1029</b><br />

and does not execute the line after

    require_once( DIR_FS_CATALOG . 'includes/osc_sec.php' );

FYI server_info.php shows this

    _SERVER["SCRIPT_NAME"]   /admin/server_info.php
    SCRIPT_FILENAME          /kunden/homepages/xxx/admin/server_info.php

Any thoughts on why the cron job will not run?

Cheers

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.

Taipo (Author), Posted June 12, 2014

Firstly try replacing

    if ( false !== strpos( strtolower( $_SERVER["SCRIPT_NAME"] ), osCSec_selfchk() ) ) senda404Header();

with

    if ( false !== strpos( strtolower( getenv( 'SCRIPT_NAME' ) ), osCSec_selfchk() ) ) senda404Header();

For some reason your server is not recognising _SERVER[ 'SCRIPT_NAME' ] so perhaps this might work. If it doesn't then there is some sort of configuration issue with your web server.

geoffreywalton, Posted June 12, 2014

It looks like when googlesitemaps/index.php is run from the command line osc_sec can not identify the script being run and issues a die command but when it is run in a browser via a url it can and so everything completes successfully.

    function phpSelfFix() {
      if ( false !== ( bool )ini_get( "register_globals" ) || ( ! isset( $HTTP_SERVER_VARS ) ) ) $HTTP_SERVER_VARS = $_SERVER;
      $filename = null;
      # this is the RC3 standard code
      $filename = ( ( ( strlen( ini_get( "cgi.fix_pathinfo" ) ) > 0 ) && ( ( bool )ini_get( "cgi.fix_pathinfo" ) == false ) ) || ! isset( $HTTP_SERVER_VARS["SCRIPT_NAME"] ) ) ? basename( $HTTP_SERVER_VARS["PHP_SELF"] ) : basename( $HTTP_SERVER_VARS["SCRIPT_NAME"] );
      if ( false === $this->checkfilename( $filename ) ) {
        $filename = null;
      } else return $filename;
      //die(" 1 :<br>");
      # if RC3 fails then try a version of FWR Media's $PHP_SELF code.
      if ( empty( $filename ) && ( false !== strpos( $_SERVER["SCRIPT_NAME"], ".php" ) ) ) {
        preg_match( "@[a-z0-9_]+\.php@i", $_SERVER["SCRIPT_NAME"], $matches );
        if ( is_array( $matches ) && ( array_key_exists( 0, $matches ) ) && ( substr( $matches[0], -4, 4 ) == ".php" ) && ( is_readable( $matches[0] ) || ( false !== strpos( $_SERVER["SCRIPT_NAME"], "ext/modules/" ) ) ) ) {
          $filename = $matches[0];
        }
        if ( false === $this->checkfilename( $filename ) ) {
          $filename = null;
        } else return $filename;
      }
      # if that fails then try osC_Sec $PHP_SELF code
      if ( empty( $filename ) && false !== $this->issetStrlen( $_SERVER["SCRIPT_FILENAME"] ) ) {
        $tmp = explode( "/", $_SERVER["SCRIPT_FILENAME"] );
        if ( is_array( $tmp ) ) {
          $filename = $tmp[count( $tmp ) - 1];
        }
        if ( false !== $this->checkfilename( $filename ) ) {
          return $filename;
        }
      } elseif ( ( $_SERVER["PHP_SELF"] == "/" ) || ( $_SERVER["SCRIPT_NAME"] == "/" ) ) {
        return "index.php";
      } else {
        die(); // prevent the page from executing
      }
    }

I changed the last line to

    die("osc die"); // prevent the page from executing

and the cron job now displays

    X-Powered-By: PHP/5.2.17
    Content-type: text/html

    osc die

Do you think you will be able to alter this to check __FILE__ ( see http://www.php.net//manual/en/reserved.variables.server.php) or will a wrapper script along the lines of

    <?php
    putenv('xxxxxxx=index.php');
    include('/yyyyyy/yyyyy/yyyy/googlesitemap/index.php');
    ?>

need to be distributed.

Cheers

G

Taipo (Author), Posted June 12, 2014

I think in the instance you are encountering that it's best you just comment out that line

    if ( false !== strpos( strtolower( $_SERVER["SCRIPT_NAME"] ), osCSec_selfchk() ) ) senda404Header();

All that does is try to prevent direct loading of the osc_sec.php file. The class will work without it.

That should allow the cron to run without triggering anything in osC_Sec.

geoffreywalton, Posted June 12, 2014

> Firstly try replacing
>
>     if ( false !== strpos( strtolower( $_SERVER["SCRIPT_NAME"] ), osCSec_selfchk() ) ) senda404Header();
>
> with
>
>     if ( false !== strpos( strtolower( getenv( 'SCRIPT_NAME' ) ), osCSec_selfchk() ) ) senda404Header();
>
> For some reason your server is not recognising _SERVER[ 'SCRIPT_NAME' ] so perhaps this might work. If it doesn't then there is some sort of configuration issue with your web server.

Funnily enough it is getting past this check and failing on line 79

    # reliably set $PHP_SELF as a filename
    global $PHP_SELF;
    $PHP_SELF = $this->phpSelfFix();

I put die commands before and after this line and the one before stopped processing and when I removed it the one after did not get invoked.

If I comment out

    $PHP_SELF = $this->phpSelfFix();

I get

    Status: 403 Access Denied
    X-Powered-By: PHP/5.2.17
    Content-Length: 0
    Content-type: text/html

I even emptied out my trapped_txt file in the banned dir to see if that would help.

Taipo (Author), Posted June 12, 2014

If commenting out that line still triggers osC_Sec, then try customising the _BYPASS function, for example find:

    # bypass all files in a directory. Use this sparingly
    $dir_bypass = array( "/ext/modules/payment" );

and change it to

    # bypass all files in a directory. Use this sparingly
    $dir_bypass = array( "/ext/modules/payment", "/googlesitemaps" );

Assuming googlesitemaps directory is located in the root directory. That way if that file is executed ( or any file within googlesitemaps directory ), it should bypass osC_Sec in theory.

Then edit the phpSelfFix with the following. On the line below:

    function phpSelfFix() {

Add

    if ( false === $this->byPass() ) return 'index.php';

So it should look like:

    function phpSelfFix() {
      if ( false === $this->byPass() ) return 'index.php';
      // the rest of the function here.....

It's a hack of an idea, and not recommended, but let's see if that actually works.

osC_Sec purposefully tries to prevent rogue files reading it, and rogue command executions from making changes to it, so it's actually doing its job, it just needs to be told that the google cron job is not rogue.

geoffreywalton, Posted June 12, 2014

Seemed like a good idea but have just moved on to a new error

    Status: 403 Access Denied
    X-Powered-By: PHP/5.2.17
    Content-Length: 0
    Content-type: text/html

Don't you just love it.

G

Taipo (Author), Posted June 12, 2014

Sorry that line to change should have read

    $dir_bypass = array( "/ext/modules/payment", "/googlesitemap" );

I added an s by accident. Try that first.

If that doesn't work, then try this, having reverted the changes except for the first one ( SCRIPT_NAME ):

Find ( should be the line you first edited ):

    if ( false !== strpos( strtolower( getenv( 'SCRIPT_NAME' ) ), osCSec_selfchk() ) ) senda404Header();

and add this line under it:

    if ( false !== strpos( strtolower( getenv( 'SCRIPT_NAME' ) ), 'googlesitemap/index.php' ) ) return;

geoffreywalton, Posted June 12, 2014

still get

    Status: 403 Access Denied
    X-Powered-By: PHP/5.2.17
    Content-Length: 0
    Content-type: text/html

Cheers

G

geoffreywalton, Posted June 12, 2014

nothing in either of those fields

    die( strtolower( getenv( 'SCRIPT_NAME' ) ) . ":" . strtolower( $_SERVER["SCRIPT_NAME"] ));

displays

    :

So both are empty

Cheers

G

Taipo (Author), Posted June 12, 2014

Where is the server the site is located on hosted, Geoffrey?

geoffreywalton, Posted June 13, 2014

1 and 1

Jack has given me an alternative cron to try.

    cd /home/USERNAME/public_html/googlesitemap/; /usr/local/bin/php -c /home/USERNAME/public_html/php.ini -q /home/USERNAME/public_html/googlesitemap/index.php

I'll let you know if it worked.

Cheers

G

Roaddoctor, Posted June 13, 2014

Geoffrey

I had similar problem wayyy back - this cron works for me. Hope it helps

    cd /var/xxx/xxx/googlesitemap/; php index.php

-Dave

geoffreywalton, Posted June 14, 2014

I had to go for this in osc.php

Replace

    $osC_Sec = new osC_Sec();
    $osC_Sec->Sentry( $timestampOffset,$nonGETPOSTReqs,$spiderBlock,$banipaddress,$useIPTRAP, $ipTrapBlocked,$emailenabled,$youremail,$fromemail,$disable_tellafriend );

with

    if ($_SERVER['PWD'] != '/homepages/xxxxx/googlesitemap') {
      $osC_Sec = new osC_Sec();
      $osC_Sec->Sentry( $timestampOffset,$nonGETPOSTReqs,$spiderBlock,$banipaddress,$useIPTRAP, $ipTrapBlocked,$emailenabled,$youremail,$fromemail,$disable_tellafriend );
    }

There are a couple more changes I made but will post in http://www.oscommerce.com/forums/topic/330175-google-xml-sitemap-seo/page-68#entry1699940

HTH someone

G

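A narrower alternative to the directory bypass and the $_SERVER['PWD'] test discussed above, as an added example that is not osC_Sec code or any poster's code: it exempts a run only when the web-server CGI variables are absent and the entry script resolves to an allowlisted path, and it shows the thread's substring test beside it. The function names, the allowlist and the temporary demo tree are assumptions.

```php
<?php
// Added example, not osC_Sec code; every function name here is hypothetical.

// CGI variables a web server sets on every request (RFC 3875). A PHP binary
// started from a shell or cron has none of them, which is also why
// SCRIPT_NAME was undefined in the thread above.
const WEB_ONLY_VARS = ['GATEWAY_INTERFACE', 'REQUEST_METHOD', 'REMOTE_ADDR'];

/**
 * True only for a shell/cron run of a script on the allowlist.
 * $server: copy of $_SERVER; $entry: path of the script PHP was started
 * with; $allow: absolute paths of cron scripts allowed to skip the filter.
 */
function is_trusted_cron_run(array $server, $entry, array $allow)
{
    foreach (WEB_ONLY_VARS as $name) {
        if (isset($server[$name]) && $server[$name] !== '') {
            return false;                 // request came through the web server
        }
    }
    $real = realpath($entry);             // canonical path: no symlinks, no ../
    if ($real === false) {
        return false;                     // entry script does not exist
    }
    foreach ($allow as $path) {
        if (realpath($path) === $real) {
            return true;
        }
    }
    return false;
}

// The substring test from the thread, kept for comparison.
function substring_bypass($scriptName)
{
    return false !== strpos(strtolower($scriptName), 'googlesitemap/index.php');
}

// Constructed demo: a temporary tree stands in for the shop directory.
$root = sys_get_temp_dir() . '/cron_demo_' . getmypid();
foreach (['googlesitemap', 'other'] as $dir) {
    mkdir("$root/$dir", 0700, true);
    touch("$root/$dir/index.php");
}
$allow = ["$root/googlesitemap/index.php"];
$web   = ['GATEWAY_INTERFACE' => 'CGI/1.1', 'REQUEST_METHOD' => 'GET',
          'REMOTE_ADDR' => '192.0.2.10',
          'SCRIPT_NAME' => '/googlesitemap/index.php'];

$cases = [   // label => [constructed $_SERVER, entry script]
    'cron, sitemap script'    => [['PWD' => "$root/googlesitemap"],
                                  "$root/googlesitemap/index.php"],
    'cron, sitemap via ../'   => [['PWD' => "$root/other"],
                                  "$root/other/../googlesitemap/index.php"],
    'cron, unlisted script'   => [['PWD' => "$root/other"],
                                  "$root/other/index.php"],
    'browser, sitemap script' => [$web, "$root/googlesitemap/index.php"],
];
foreach ($cases as $label => $case) {
    $name = isset($case[0]['SCRIPT_NAME']) ? $case[0]['SCRIPT_NAME'] : '';
    printf("%-26s trusted=%-5s substring=%s\n", $label,
        var_export(is_trusted_cron_run($case[0], $case[1], $allow), true),
        var_export(substring_bypass($name), true));
}

// In a real entry point the arguments would be $_SERVER and the first element
// of get_included_files(), which is the script PHP was started with.
foreach (['googlesitemap', 'other'] as $dir) {   // remove the demo tree
    unlink("$root/$dir/index.php");
    rmdir("$root/$dir");
}
rmdir($root);
```

With a check of this shape, a browser request to googlesitemap/index.php still goes through the filter, while the scheduled run of that one script does not.
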
BearDown, Posted June 15, 2014

> Hi Taipo,
>
> What are the implications of OSC Sec with OSC Version 2.3.4 especially the changes to PHP Self as detailed here:
>
> http://library.oscommerce.com/Online&en&oscom_2_3&release_notes&v2_3_4#upg6
>
> Many Thanks

> I think if you just include osC_Sec as normal but leave out the other custom code changes that were specifically for 2.2 then it will work fine. Because osCommerce sets PHP_SELF further down in the scope, it doesn't matter what osC_Sec does earlier, it will be overwritten.
>
> Let me know how it goes for you.

Just a follow up to Mort's question with the change below in 2.3.4:

    // set php_self in the local scope
    $req = parse_url($HTTP_SERVER_VARS['SCRIPT_NAME']);
    $PHP_SELF = substr($req['path'], ($request_type == 'NONSSL') ? strlen(DIR_WS_HTTP_CATALOG) : strlen(DIR_WS_HTTPS_CATALOG));

Does that make the below change obsolete? Or should we change the above line to your code anyways?

    // set php_self in the local scope
    if( !isset( $PHP_SELF ) ) {
      if ( @phpversion() >= "5.0.0" && ( !ini_get("register_long_arrays" ) || @ini_get("register_long_arrays" ) == "0" || strtolower(@ini_get("register_long_arrays" ) ) == "off" ) ) $HTTP_SERVER_VARS = $_SERVER;
      $PHP_SELF = ( ( ( strlen( ini_get('cgi.fix_pathinfo' ) ) > 0 ) && ( ( bool ) ini_get('cgi.fix_pathinfo' ) == false ) ) || !isset( $HTTP_SERVER_VARS['SCRIPT_NAME' ] ) ) ? basename( $HTTP_SERVER_VARS[ 'PHP_SELF' ] ) : basename( $HTTP_SERVER_VARS[ 'SCRIPT_NAME' ] );
    }

Thank you for your (many) contribution(s) and time.

Taipo (Author), Posted June 15, 2014

Use the latest code, it looks to be a solid update of the previous method of setting the $PHP_SELF.

The only thing needed to implement osC_Sec into later versions of 2.x is the require

    require_once( DIR_FS_CATALOG . 'includes/osc_sec.php' );

But for any of the earlier versions, the standard changes apply.

FrankCRFG, Posted April 10, 2015

I was looking at Osc_sec. I have Oscommerce Version: 2.3.4

Since it is stated it is for versions EARLIER than 2.3, does Osc_Sec do anything to help security on Ver 2.3.4?

I was wondering if Osc_sec works with it, and if so what do I need to change to get it to work?

If not, anything else to enhance security?

Taipo (Author), Posted April 10, 2015

osC_Sec was not designed for 2.3.4 but it has a lot of general security that it does that has and will help in the future where addon coders or even site dev make coding errors that inadvertently allow for attacks to happen.

Some of the code in osC_Sec was designed specifically for the older vulnerable versions of osCommerce. For a simplified version of osC_Sec that does not contain the code specific for the earlier vulnerable versions of osCommerce, try the Pareto Security link in my sig.

FrankCRFG, Posted April 10, 2015

@Taipo I had looked at that site, but it just looks like code to me. Is it an addon? Are there instructions?

Taipo (Author), Posted April 10, 2015

Not on osCommerce.

Go to https://github.com/Taipo/Pareto_Security/releases/tag/1.0.1 and download the zip file or copy paste the code from: https://github.com/Taipo/Pareto_Security/blob/master/pareto_security.php into a file called pareto_security.php

Upload it to both your includes directories.

Then open both application_top.php files, navigate to:

    // load server configuration parameters
    if (file_exists('includes/local/configure.php')) { // for developers
      include('includes/local/configure.php');
    } else {
      include('includes/configure.php');
    }

And on the next line put:

    require( 'pareto_security.php' );

You can leave the other custom settings to their default setting.

FrankCRFG, Posted April 10, 2015

@Taipo One question. Which includes directory do you mean, the one off the main directory or under the admin directory?

Taipo (Author), Posted April 10, 2015

Upload a copy of pareto_security.php to both. Add the edit code into both application_top.php files too.

FrankCRFG, Posted April 10, 2015

Thanks for the quick response to my question. Sorry I had missed that line in your prior instructions.

I have installed it. How do I tell it is working? I see who is online with two new ones as being from China since I installed this.

Taipo (Author), Posted April 10, 2015

Try something like: ( replace http://www.yourdomainname.com/ with your own shop domain )

    http://www.yourdomainname.com/?id=UNION+SELECT+FreeEnergy+FROM+Ether+WHERE+TypeId=1

This simulates what a database injection attempt might look like. If it's working then the page will not load.

Archived
This topic is now archived and is closed to further replies.