
osCommerce

Server Hack? found in Whos_Online.php


DogFoodIT

Hi all, I just noticed this in the Who's Online page in admin, looks to be a server hack of some sort?

 

https://mysite.com.au/%70%68%70%70%61%74%68/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E

 

Transformed to:

https://mysite.com.au/phppath/php?
-d+allow_url_include=on
+-d+safe_mode=off
+-d+suhosin.simulation=on
+-d+disable_functions=""
+-d+open_basedir=none
+-d+auto_prepend_file=php://input+-n

 

 

Can anyone shed some light on the matter? Is it trying to append injections to the forms?

 

Thanks in advance


@@DunWeb

 

Thanks for that, would you know what it is trying to do? Is it trying to use the input function to include remote files or add new files to the server? I can see it is trying to configure settings to gain access. Would this be classed as some sort of XSS?


Archived

This topic is now archived and is closed to further replies.
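
A log-triage sketch for the request quoted in the first post, added here as an example and not code from the thread or from osCommerce: it percent-decodes a request URI and reports any "-d name=value" PHP ini overrides found in the query string. The function name inspect_request and the two benign URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# ini directives overridden in the request quoted in this thread
WATCHED = {"allow_url_include", "safe_mode", "suhosin.simulation",
           "disable_functions", "open_basedir", "auto_prepend_file"}
# "-d name=value" as it appears once the query string is decoded
DIRECTIVE = re.compile(r"(?:^|\s)-d\s+([\w.]+)=(\S*)")

def inspect_request(uri):
    """Return a finding dict for a request URI carrying ini overrides, else None."""
    parts = urlsplit(uri)
    raw_query = parts.query
    decoded = unquote_plus(raw_query)          # decodes both '+' and %xx
    directives = DIRECTIVE.findall(decoded)
    if not directives:
        return None
    names = {name for name, _ in directives}
    return {
        "path": unquote(parts.path),
        "directives": dict(directives),
        "watched": sorted(WATCHED & names),
        # With no unencoded '=' in the raw query, a CGI server may hand the
        # query to the program as command-line arguments (RFC 3875, 4.4).
        "no_literal_equals": "=" not in raw_query,
        # auto_prepend_file=php://input makes PHP read the request body.
        "reads_request_body": any(v.startswith("php://input")
                                  for _, v in directives),
    }

# The request from the first post, split only for line length.
THREAD_URI = (
    "https://mysite.com.au/%70%68%70%70%61%74%68/%70%68%70?"
    "%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E"
    "+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66"
    "+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E"
    "+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22"
    "+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65"
    "+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65"
    "%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E")
# Constructed benign requests for comparison.
BENIGN = ["https://mysite.com.au/index.php?cPath=1_4",
          "https://mysite.com.au/product_info.php?products_id=-d+5"]

if __name__ == "__main__":
    for uri in [THREAD_URI] + BENIGN:
        print(inspect_request(uri))
```

A non-None result with no_literal_equals set is worth following up in the web server access log for the same client and time, including the response status returned for that request.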
