Break in attempt?


Keith,

As long as you have secured your v2.2 site or you are using v2.3.1, then it is not really a concern.

Chris


  • 3 weeks later...

Just to make sure, is the answer the same for this? I should have fixed all the holes for 2.2, but still.

REQUEST.cPath=28+onmousedown%3Dctthis%2C+http%3A%2F%2Fmysite.dk%2Findex.php%3FcPath%3D28%2C33%2C6%2CcPath%3D28%2C%2C+00a769711e86c85f347e28f68247524740a29b90ca534da14661%2C+0%2Fadmin%2Fsqlpatch.php%2Fpassword_forgotten.php%3Faction%3Dexecute, GET.cPath=28+onmousedown%3Dctthis%2C+http%3A%2F%2Fmysite.dk%2Findex.php%3FcPath%3D28%2C33%2C6%2CcPath%3D28%2C%2C+00a769711e86c85f347e28f68247524740a29b90ca534da14661%2C+0%2Fadmin%2Fsqlpatch.php%2Fpassword_forgotten.php%3Faction%3Dexecute,

Request URI: /index.php?cPath=28%22%20onmousedown=%22ct(this,%20%27http%3A%2F%2Fmysite.dk%2Findex.php%3FcPath%3D28%27,%2733%27,%276%27,%27%22cPath%3D28%22%27,%27%27,%20%2700a769711e86c85f347e28f68247524740a29b90ca534da14661%27,%200)/admin/sqlpatch.php/password_forgotten.php?action=execute

 

And what are they trying to do?

/Jesper


REQUEST.cPath=28 onmousedown=ctthis, http://mysite.dk/index.php?cPath=28,33,6,cPath=28,, 00a769711e86c85f347e28f68247524740a29b90ca534da14661, 0/admin/sqlpatch.php/password_forgotten.php?action=execute, GET.cPath=28 onmousedown=ctthis, http://mysite.dk/index.php?cPath=28,33,6,cPath=28,, 00a769711e86c85f347e28f68247524740a29b90ca534da14661, 0/admin/sqlpatch.php/password_forgotten.php?action=execute,
Request URI: /index.php?cPath=28" onmousedown="ct(this, 'http://mysite.dk/index.php?cPath=28','33','6','"cPath=28"','', '00a769711e86c85f347e28f68247524740a29b90ca534da14661', 0)/admin/sqlpatch.php/password_forgotten.php?action=execute

 

Looks to me like an attempt to exploit a Zen Cart version 1.3.8 site, known as the "Zen Cart 1.3.8 Remote SQL Execution Exploit". Most likely this is an automated attack which is not detecting whether or not a site is Zen Cart backed before executing the attack vectors.


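An added example, not part of the original thread: a log check for the request quoted above. It flags one script name followed by a second (as in `/admin/sqlpatch.php/password_forgotten.php`) and a `cPath` that is not underscore-separated category ids, which is an assumption about normal osCommerce URLs; `inspect_uri` and the finding labels are hypothetical names.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# One script name followed by more path that ends in a second script name,
# as in the logged /admin/sqlpatch.php/password_forgotten.php.
NESTED_PHP = re.compile(
    r"/([\w.-]+\.php)/(?:[^?#]*/)?([\w.-]+\.php)(?=$|[?#])", re.I)
# Assumption: a normal osCommerce cPath is category ids joined by underscores.
VALID_CPATH = re.compile(r"\d+(_\d+)*")

def inspect_uri(raw_uri):
    """Return a sorted list of findings for one logged request URI."""
    parts = urlsplit(raw_uri)
    findings = set()
    m = NESTED_PHP.search(unquote(parts.path))
    if m:
        findings.add(f"nested-script-in-path:{m.group(1)}/{m.group(2)}")
    # The same pattern inside the query means the request never reached that
    # script: the web server handed the whole string to the page before '?'.
    m = NESTED_PHP.search(unquote(parts.query))
    if m:
        findings.add(f"nested-script-in-query:{m.group(1)}/{m.group(2)}")
    for value in parse_qs(parts.query, keep_blank_values=True).get("cPath", []):
        if not VALID_CPATH.fullmatch(value):
            findings.add("malformed-cPath")
    return sorted(findings)

# The Request URI from the post above, split across lines for readability.
LOGGED = (
    "/index.php?cPath=28%22%20onmousedown=%22ct(this,%20%27http%3A%2F%2Fmysite.dk"
    "%2Findex.php%3FcPath%3D28%27,%2733%27,%276%27,%27%22cPath%3D28%22%27,%27%27,"
    "%20%2700a769711e86c85f347e28f68247524740a29b90ca534da14661%27,%200)"
    "/admin/sqlpatch.php/password_forgotten.php?action=execute"
)
# Constructed comparison lines: the same suffix as a real path, and a normal link.
SAMPLES = [
    LOGGED,
    "/admin/sqlpatch.php/password_forgotten.php?action=execute",
    "/index.php?cPath=28_33",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(inspect_uri(uri) or ["clean"], uri[:60])
```

For the logged request the nested script name shows up only inside the `cPath` value, so the request was served by `index.php` with a malformed category path.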
  • 1 month later...


I get a whole load of these types of things, many trying to fire up filemanager. The best thing to do is change your admin folder name and then rename it in the defines. It is still annoying!! Also, I have installed sitemonitor. Once you are clean it gives you peace of mind.
