Jump to content


This topic is now archived and is closed to further replies.


Exploit Title: osCommerce v2.2 Change Admin Pass

Recommended Posts

This is the code to protect against this attack:

First Write protection.php:


<?$self = $_SERVER['PHP_SELF'];

$pos = strpos($self, 'login.php');if($pos == true){echo "<script language='javascript'>window.location = 'http://server/index.php';</script>";}?>----------------------------Save protection.php in the admin map of oscommercethen paste following code in all pages in the /admin map(expect login.php): include('protection.php')

Baterije & Akumulatorji OsCommerce store

Share this post

Link to post
Share on other sites