TheGuy Posted July 1, 2013 Had a hacking attempt over the weekend. He was able to hack into an affiliate account -- no real harm done that we can see. This is what is in our apache logs. Several lines like this -- but I can't tell what he was attempting to do. Anyone fill me in? We know he knows the name of our database. Not sure how he could find that out. Thanks.

/product_info.php?products_id=409+and+select 1 from(select count(*),concat((select (select (select concat(0x7e,0x27,count(*),0x27,0x7e) from `OUR-DATABASE_NAME`.orders)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
burt Posted July 1, 2013 This is a SQL injection attack. If he got into an aff account then you are running an outdated and insecure osCommerce, so I suggest you upgrade to 2.3.3 immediately. The particular injection you posted counts the number of orders made at your shop.
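For readers wondering how a count of orders comes back from a product page: the posted payload is the classic MySQL error-based trick. Grouping on floor(rand(0)*2) over information_schema.tables forces a "Duplicate entry" error, and the duplicate key is the concat() of the attacker's chosen value, here count(*) of the orders table wrapped in ~'...'~, so the number is read out of the database error text rather than from the page. It only works when the error is echoed back, which is why a detection rule should key on the shape of the parameter, not on this exact string. The following Python script is an added example, not osCommerce code and not from anyone in this thread: it parses Apache combined-format lines, URL-decodes products_id and flags any value that is not purely numeric, labelling the SQL markers it contains and counting hits per source IP. The log lines, IPs and timestamps are constructed for the example.

```python
"""Flag SQL-injection probes against product_info.php in Apache access logs.

Added example for this thread; it is not osCommerce code. The sample log
lines are constructed to mirror the payload quoted above (IPs, dates and
byte counts are invented).
"""
import re
from typing import Dict, Iterable, Iterator, List, Optional, Tuple
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample lines in Apache "combined" format (all values invented).
SAMPLE_LOG = r'''
203.0.113.7 - - [29/Jun/2013:02:14:11 +0000] "GET /product_info.php?products_id=409 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Jun/2013:02:14:13 +0000] "GET /product_info.php?products_id=409+and+select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x7e,0x27,count(*),0x27,0x7e)%20from%20%60OUR-DATABASE_NAME%60.orders))%20from%20%60information_schema%60.tables%20limit%200,1),floor(rand(0)*2))x%20from%20%60information_schema%60.tables%20group%20by%20x)a)%20and%201=1 HTTP/1.1" 200 3311 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Jun/2013:02:15:02 +0000] "GET /product_info.php?products_id=409%27%20and%20sleep(5)--%20 HTTP/1.1" 200 3311 "-" "Mozilla/5.0"
198.51.100.4 - - [29/Jun/2013:02:16:40 +0000] "GET /product_info.php?products_id=12&language=en HTTP/1.1" 200 8011 "-" "Mozilla/5.0"
'''.strip().splitlines()

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Substrings that have no business inside a numeric product id. They only
# label a hit; the actual rule is "products_id must be all digits".
SQLI_MARKERS = (
    "information_schema", "select ", "union ", "concat(", "rand(", "floor(",
    "group by", "sleep(", "benchmark(", "load_file(", "--", "/*", "0x",
)


def decode_products_id(target: str) -> Optional[str]:
    """Return the fully decoded products_id from a request target, or None."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get("products_id")
    if not values:
        return None
    value = values[0]
    # parse_qs decodes once; loop a few times because probes are sometimes
    # double-encoded to slip past naive filters.
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(products_id: Optional[str]) -> List[str]:
    """Reasons the value looks like an injection probe (empty list = clean)."""
    if products_id is None or re.fullmatch(r"\d+", products_id):
        return []
    reasons = ["non-numeric products_id"]
    lowered = products_id.lower()
    reasons.extend(marker for marker in SQLI_MARKERS if marker in lowered)
    return reasons


def scan(lines: Iterable[str]) -> Iterator[Tuple[str, str, List[str]]]:
    """Yield (ip, request target, reasons) for every line that looks like a probe."""
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a parseable access-log line
        reasons = classify(decode_products_id(match["target"]))
        if reasons:
            yield match["ip"], match["target"], reasons


def offending_ips(lines: Iterable[str]) -> Dict[str, int]:
    """Count probe requests per source IP, e.g. to feed a firewall or fail2ban list."""
    counts: Dict[str, int] = {}
    for ip, _target, _reasons in scan(lines):
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, target, reasons in scan(SAMPLE_LOG):
        print(ip, "->", ", ".join(reasons))
        print("    ", target[:90])
```

Run it over the real access log with `scan(open("/var/log/apache2/access.log"))`; the per-IP counts are only a stopgap, since the attacker in this thread rotates addresses, but the non-numeric-id rule catches the next payload too, whatever its exact text.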
geoffreywalton Posted July 1, 2013 If he can get that, then extracting customer info or inserting fake orders is entirely possible. Cheers G
TheGuy (Author) Posted July 2, 2013 Thank you for your help. Unfortunately, we've made 1001 code changes, and won't be able to quickly upgrade. Is there a fix for that particular hack that anyone knows of? We've blocked his IP, but he comes back with another and another. Thanks.
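On the "fix for that particular hack" question: the hole is not the payload but the fact that products_id is pasted into the SQL string unchanged, so the fix is at the query, not at the firewall. The two standard options are to cast the id to an integer before it reaches the query (in PHP, `(int)$id`, which turns `409 and ...` into `409`) or to bind it as a query parameter. The script below is an added example, not osCommerce code and not from anyone in this thread. It uses SQLite in memory rather than MySQL, so the MySQL-specific rand()/group by error trick from the log is stood in for by a plain boolean subquery; the mechanism that matters, attacker text being parsed as SQL, is the same. Table names, the payload and `php_int_cast` are assumptions made for the demonstration.

```python
"""A string-built product lookup next to the two usual fixes.

Added example for this thread, not osCommerce code. SQLite stands in for
MySQL; table names and the payload are constructed for the demonstration.
"""
import re
import sqlite3

# Constructed payload in the spirit of the logged one: the product renders only
# if the shop has more than one order, so varying the number counts the orders.
PAYLOAD = "409 and (select count(*) from orders) > 1 and 1=1"


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the shop database (schema invented for the example)."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        create table products (products_id integer primary key, products_model text);
        create table orders (orders_id integer primary key, customers_name text);
        insert into products values (409, 'WIDGET-409');
        insert into orders values (1, 'A. Customer'), (2, 'B. Customer');
        """
    )
    return con


def lookup_vulnerable(con: sqlite3.Connection, products_id: str):
    """Concatenation: whatever follows the digits is executed as SQL."""
    sql = "select products_model from products where products_id = " + products_id
    return con.execute(sql).fetchall()


def lookup_bound(con: sqlite3.Connection, products_id: str):
    """Bound parameter: the whole value is compared as data and never parsed."""
    sql = "select products_model from products where products_id = ?"
    return con.execute(sql, (products_id,)).fetchall()


def php_int_cast(value: str) -> int:
    """Approximation of PHP's (int) cast: leading digits, otherwise 0 (assumption)."""
    match = re.match(r"\s*[+-]?\d+", value)
    return int(match.group()) if match else 0


def lookup_cast(con: sqlite3.Connection, products_id: str):
    """Cast to int before concatenation: the usual fix for numeric ids in PHP code."""
    sql = "select products_model from products where products_id = %d" % php_int_cast(products_id)
    return con.execute(sql).fetchall()


if __name__ == "__main__":
    con = make_db()
    # vulnerable: the product appears, telling the attacker the shop has > 1 orders
    print("vulnerable:", lookup_vulnerable(con, PAYLOAD))
    # bound: [] because '409 and ...' is compared as a value, not executed
    print("bound     :", lookup_bound(con, PAYLOAD))
    # cast: the product appears, but the attacker's SQL was thrown away
    print("cast      :", lookup_cast(con, PAYLOAD))
```

The cast is the minimal change for a heavily customised 2.2 install: every place that builds a query from `$HTTP_GET_VARS['products_id']` (or any other id) gets the `(int)` wrapper, and the injected clause simply disappears. Parameter binding is the general answer for non-numeric values such as names and e-mail addresses, where a cast is not available.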
This topic is now archived and is closed to further replies.