- Posts: 5
- Thank you received: 0
Known exploit com_oscommerce_personal
9 years 4 months ago #1014
by geertech
Known exploit com_oscommerce_personal was created by geertech
Hi,
I got a warning from my provider about outdated version files of OSCommerce, and, much more important, exploit files installed by the module!
Please fix this, as I obviously didn\'t pay for module that installs obscure files...
2. Regular expression match = [symlink\\s*\\(]:
‘/home/heerenva/public_html/components/com_oscommerce/download.php’
3. Script version check [OLD] [osCommerce v2.3.3.4 < v2.3.4]:
‘/home/heerenva/public_html/components/com_oscommerce/includes/configure.php’
4. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/images/index.php’
5. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/languages/images/index.php’
I got a warning from my provider about outdated version files of OSCommerce, and, much more important, exploit files installed by the module!
Please fix this, as I obviously didn\'t pay for module that installs obscure files...
2. Regular expression match = [symlink\\s*\\(]:
‘/home/heerenva/public_html/components/com_oscommerce/download.php’
3. Script version check [OLD] [osCommerce v2.3.3.4 < v2.3.4]:
‘/home/heerenva/public_html/components/com_oscommerce/includes/configure.php’
4. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/images/index.php’
5. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/languages/images/index.php’
Please Log in or Create an account to join the conversation.
- Support Team
- Offline
- Moderator
Less
More
- Posts: 106
- Thank you received: 10
9 years 4 months ago - 9 years 4 months ago #1019
by Support Team
Replied by Support Team on topic Known exploit com_oscommerce_personal
Thank you for this information. We will make the necessary changes in a new version 3.3. if you got more information or requests. Please let us know. Point 3 and 4. You should remove the files!
2 comes from the Super Download Store for Version 2.3.x
You could try to use only the second code, there is no update yet on the Oscommerce website . if you don\'t use the download option, you could consider to remove the code.
3. components/com_oscommerce/includes/configure.php is heavy modified for MarvikShop to work with Joomla. There is not really a connection with Oscommerce versions, other then connections to define the needed files.
2 comes from the Super Download Store for Version 2.3.x
Code:
// BOF Super Download Store v2.3.x mod
symlink(DIR_FS_DOWNLOAD . $downloads[\'orders_products_filename\'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . \'/\' . $file_name);
tep_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . \'/\' . $file_name);
} else {
// This will work on all systems, but will need considerable resources
// We could also loop with fread($fp, 4096) to save memory
set_time_limit(0); // Prevent the script from timing out for large files
tep_download_buffered(DIR_FS_DOWNLOAD . $downloads[\'orders_products_filename\']);
// EOF Super Download Store v2.3.x mod
You could try to use only the second code, there is no update yet on the Oscommerce website . if you don\'t use the download option, you could consider to remove the code.
3. components/com_oscommerce/includes/configure.php is heavy modified for MarvikShop to work with Joomla. There is not really a connection with Oscommerce versions, other then connections to define the needed files.
Last edit: 9 years 4 months ago by Admin.
Please Log in or Create an account to join the conversation.