Jump to content

Archived

This topic is now archived and is closed to further replies.

1qay1qay

Exploit Title: osCommerce v2.2 Change Admin Pass

Recommended Posts

This is the code to protect against this attack:

First Write protection.php:

-------protection.php-----

<?$self = $_SERVER['PHP_SELF'];

$pos = strpos($self, 'login.php');if($pos == true){echo "<script language='javascript'>window.location = 'http://server/index.php';</script>";}?>----------------------------Save protection.php in the admin map of oscommercethen paste following code in all pages in the /admin map(expect login.php): include('protection.php')


Baterije & Akumulatorji OsCommerce store

Share this post


Link to post
Share on other sites

×