altoid

option=com_fireboard in url sql attack

Checking who's online in one of my 2.3.3 shops, I observed something like this:

http://www dot myshop dot com/index.php?option=com_fireboard&func=listcat&page=2

I remember seeing that another time, so I googled and found this:

A SQL Injection vulnerability is detected in the com_fireboard module of the Joomla Content Management System.

Remote attackers & low privileged user accounts can execute/inject own SQL commands to compromise the application dbms.

The vulnerability is located in the com_fireboard module with the bound vulnerable func fb_ parameter.

Successful exploitation of the vulnerability results in dbms (Server) or application (Web) compromise.

which doesn't apply to osCommerce, but I thought I'd put it here in case someone sees this on their site and looks the matter up later here in the forum.

The offending IP is from China.

all for the good of the order....


I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.
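
An added example, not part of the original post: a Python check that scans web-server access-log lines for Joomla-style `option=com_*` requests like the one quoted above, grouped by client IP. The log lines, IP addresses, timestamps and the `com_example` name are constructed for illustration, and the common/combined log format is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed input: Apache/nginx common or combined log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

def find_joomla_probes(lines):
    """Map each client IP to the Joomla component names it requested.

    An osCommerce shop does not use an `option=com_*` parameter, so such
    requests are not normal shop traffic, whatever status they returned.
    """
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, target = m.groups()
        # parse_qs percent-decodes, so option=com%5Ffireboard is caught too
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("option", []):
            if value.lower().startswith("com_"):
                hits[ip].add(value.lower())
    return {ip: sorted(names) for ip, names in hits.items()}

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:00:01 +0000] '
    '"GET /index.php?option=com_fireboard&func=listcat&page=2 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2020:10:00:03 +0000] '
    '"GET /index.php?option=com%5Ffireboard&func=listcat HTTP/1.1" 200 5120',
    '198.51.100.20 - - [01/Jan/2020:10:01:10 +0000] '
    '"GET /product_info.php?products_id=5 HTTP/1.1" 200 8211',
    '198.51.100.20 - - [01/Jan/2020:10:01:30 +0000] '
    '"GET /index.php?cPath=1_4 HTTP/1.1" 200 7302',
    '192.0.2.44 - - [01/Jan/2020:10:02:00 +0000] '
    '"GET /index.php?option=com_example HTTP/1.1" 200 5120',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, components in find_joomla_probes(SAMPLE_LOG).items():
        print(ip, ", ".join(components))
```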
