Jump to content


Hosting Developers Payment Shipping Accounting Templates Marketing Books

Our Partners


Latest News: (loading..)

- - - - -

option=com_fireboard in url sql attack

Started by altoid, Yesterday, 02:09 PM
sql injection

  • Please log in to reply
No replies to this topic

#1   altoid

altoid
  • Community Sponsor
  • 736 posts
  • Real Name:Steve
  • Gender:Male
  • Location:Hollidaysburg, Pennsylvania

Posted Yesterday, 02:09 PM

checking who's online in one of my 2.3.3 shops I observed something like this:

http://www dot myshop dot com/index.php?option=com_fireboard&func=listcat&page=2

i remember seeing that another time so i googled and found out this

Quote

A SQL Injection vulnerability is detected in the com_fireboard module of the joomla Content Management System.
Remote attackers & low privileged user accounts can execute/inject own sql commands to compromise the application dbms.
The vulnerability is located in the com_fireboard module with the bound vulnerable func fb_ parameter.

Successful exploitation of the vulnerability result in dbms (Server) or application (Web) compromise.

which doesn't apply to oscommerce but i thought i'd put it here in case someone see this on their site and looks the matter up later here in the forum.

the offending ip is from china

all for the good of the order....
I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.
I remember what it was like when I first started with osC.  It can be overwhelming.
However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.
There are several good pros here on osCommerce.  Look around, you'll figure out who they are.
Back to Security


  1. osCommerce Support Forum
  2. osCommerce Online Merchant v2.x
  3. Security
  4. Privacy Policy
  5. Forum Rules ·