Jump to content

Archived

This topic is now archived and is closed to further replies.

don01234

shubham_found_xss

Recommended Posts

Hi all,

 

It just started today, when I go to admin/index.php I get this small pop up message "The page at https://mysite says:  /shubham_found_xss/".

 

I found similar thing on web and following is address of screenshot that I found:

 

 https://cloud.githubusercontent.com/assets/81969/2735669/ef35df24-c662-11e3-8f4b-b7ed15b7705b.png

 

Does anyone know how to get rid of this?  Any help will be much appreciated.

 

Thanks,

 

Don

Share this post


Link to post
Share on other sites

Hi Don..

 

A security person has scanned our websites for security vulnerabilities and discovered one on our Add-Ons site that unfortunately propagated through the RSS feed. The Administration Tool Dashboard uses this RSS feed to display the latest Add-Ons. No information of any kind was accessed - only a browser alert box was shown.

 

We've already fixed this on our end and have cleared Google's cache of the RSS feed. If you're still experiencing this, your local cache of the RSS feed can be deleted at the following directory:

 

includes/work/

 

The feeds start with a filename of rss_

 

There should be two which can you safely delete. (one for the latest news, and a second one for the latest add-ons)


:heart:, osCommerce

Share this post


Link to post
Share on other sites

Thank you so much for quick reply, Harald.  

 

Deleted those files and it's working fine.

 

I seen your pics on oscommerce sites but solving problems for little merchant like me. 

Wow all I can say is I'm not worthy, I'm not worthy.   :D

 

Thanks again.

Share this post


Link to post
Share on other sites

Deleting those cache files didn't work for me. I am still having the issue. I think I might prefer to just uninstall the entire RSS module area to prevent future risk.

Share this post


Link to post
Share on other sites

×