Archived

This topic is now archived and is closed to further replies.

keithclarksubstop

Break in attempt?

Keith,

As long as you have secured your v2.2 site or you are using v2.3.1, then it is not really a concern.

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)


Just to make sure, is the answer the same for this? I should have fixed all the holes for 2.2, but still.

REQUEST.cPath=28+onmousedown%3Dctthis%2C+http%3A%2F%2Fmysite.dk%2Findex.php%3FcPath%3D28%2C33%2C6%2CcPath%3D28%2C%2C+00a769711e86c85f347e28f68247524740a29b90ca534da14661%2C+0%2Fadmin%2Fsqlpatch.php%2Fpassword_forgotten.php%3Faction%3Dexecute, GET.cPath=28+onmousedown%3Dctthis%2C+http%3A%2F%2Fmysite.dk%2Findex.php%3FcPath%3D28%2C33%2C6%2CcPath%3D28%2C%2C+00a769711e86c85f347e28f68247524740a29b90ca534da14661%2C+0%2Fadmin%2Fsqlpatch.php%2Fpassword_forgotten.php%3Faction%3Dexecute,

Request URI: /index.php?cPath=28%22%20onmousedown=%22ct(this,%20%27http%3A%2F%2Fmysite.dk%2Findex.php%3FcPath%3D28%27,%2733%27,%276%27,%27%22cPath%3D28%22%27,%27%27,%20%2700a769711e86c85f347e28f68247524740a29b90ca534da14661%27,%200)/admin/sqlpatch.php/password_forgotten.php?action=execute

 

And what are they trying to do?

/Jesper


REQUEST.cPath=28 onmousedown=ctthis, http://mysite.dk/index.php?cPath=28,33,6,cPath=28,, 00a769711e86c85f347e28f68247524740a29b90ca534da14661, 0/admin/sqlpatch.php/password_forgotten.php?action=execute, GET.cPath=28 onmousedown=ctthis, http://mysite.dk/index.php?cPath=28,33,6,cPath=28,, 00a769711e86c85f347e28f68247524740a29b90ca534da14661, 0/admin/sqlpatch.php/password_forgotten.php?action=execute,
Request URI: /index.php?cPath=28" onmousedown="ct(this, 'http://mysite.dk/index.php?cPath=28','33','6','"cPath=28"','', '00a769711e86c85f347e28f68247524740a29b90ca534da14661', 0)/admin/sqlpatch.php/password_forgotten.php?action=execute

 

Looks to me like an attempt to exploit a Zen Cart version 1.3.8 site, known as the "Zen Cart 1.3.8 Remote SQL Execution Exploit". Most likely this is an automated attack which is not detecting whether or not a site is Zen Cart backed before executing the attack vectors.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
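
A log-triage sketch for the request discussed above, added here as an example and not code from any poster or from osCommerce or Zen Cart: it percent-decodes a request URI and flags the three traits visible in the quoted line. The rule names and the two benign sample URIs are constructed for illustration; the first sample URI is the one quoted in the thread.

```python
import re
from urllib.parse import unquote

# Constructed sample input: the first URI is the one quoted in the thread,
# the other two are made-up ordinary catalogue requests.
SAMPLE_URIS = [
    "/index.php?cPath=28%22%20onmousedown=%22ct(this,%20%27http%3A%2F%2Fmysite.dk"
    "%2Findex.php%3FcPath%3D28%27,%2733%27,%276%27,%27%22cPath%3D28%22%27,%27%27,"
    "%20%2700a769711e86c85f347e28f68247524740a29b90ca534da14661%27,%200)"
    "/admin/sqlpatch.php/password_forgotten.php?action=execute",
    "/index.php?cPath=28_33",
    "/product_info.php?cPath=28&products_id=6",
]

# Hypothetical rule names; each pattern is applied to the fully decoded URI.
RULES = {
    # One script name stacked behind another: foo.php/bar.php
    "stacked_script_path": re.compile(r"\.php/[^?\s]*\.php", re.I),
    # The Zen Cart admin script named in the request, asked to execute
    "sqlpatch_execute": re.compile(r"sqlpatch\.php.*action=execute", re.I),
    # A quote followed by an HTML event-handler attribute inside the URI
    "event_handler_attr": re.compile(r"""["']\s*on[a-z]+\s*=""", re.I),
}

def decode_fully(uri, max_rounds=3):
    """Percent-decode until stable so double-encoded input is seen in clear."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(uri):
    """Return the sorted names of every rule the decoded URI matches."""
    text = decode_fully(uri)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def triage(uris):
    """Map each suspicious URI to its matched rules; clean URIs are omitted."""
    return {u: hits for u in uris if (hits := classify(u))}

if __name__ == "__main__":
    for uri, hits in triage(SAMPLE_URIS).items():
        print(hits, uri[:60] + "...")
```

On a store that is not running Zen Cart, a hit on `sqlpatch_execute` marks the request as scanner noise to count and block rather than a sign that anything on the site was reached.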


I get a whole load of these types of things, many trying to fire up filemanager. The best thing to do is change your admin folder name and then rename it in the defines. It is still annoying!! Also I have installed sitemonitor. Once you are clean it gives you peace of mind.


htaccess protect your admin.

 

Satish


Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.
