- Berichten: 5
- Ontvangen bedankjes 0
Known exploit com_oscommerce_personal
9 jaren 3 maanden geleden #1014
door geertech
Known exploit com_oscommerce_personal werd gestart door geertech
Hi,
I got a warning from my provider about outdated version files of OSCommerce, and, much more important, exploit files installed by the module!
Please fix this, as I obviously didn\'t pay for module that installs obscure files...
2. Regular expression match = [symlink\\s*\\(]:
‘/home/heerenva/public_html/components/com_oscommerce/download.php’
3. Script version check [OLD] [osCommerce v2.3.3.4 < v2.3.4]:
‘/home/heerenva/public_html/components/com_oscommerce/includes/configure.php’
4. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/images/index.php’
5. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/languages/images/index.php’
I got a warning from my provider about outdated version files of OSCommerce, and, much more important, exploit files installed by the module!
Please fix this, as I obviously didn\'t pay for module that installs obscure files...
2. Regular expression match = [symlink\\s*\\(]:
‘/home/heerenva/public_html/components/com_oscommerce/download.php’
3. Script version check [OLD] [osCommerce v2.3.3.4 < v2.3.4]:
‘/home/heerenva/public_html/components/com_oscommerce/includes/configure.php’
4. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/images/index.php’
5. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/languages/images/index.php’
Graag Inloggen of een account aanmaken deelnemen aan het gesprek.
- Support Team
- Offline
- Moderator
Minder
Meer
- Berichten: 106
- Ontvangen bedankjes 10
9 jaren 2 maanden geleden - 9 jaren 2 maanden geleden #1019
door Support Team
Beantwoord door Support Team in topic Known exploit com_oscommerce_personal
Thank you for this information. We will make the necessary changes in a new version 3.3. if you got more information or requests. Please let us know. Point 3 and 4. You should remove the files!
2 comes from the Super Download Store for Version 2.3.x
You could try to use only the second code, there is no update yet on the Oscommerce website . if you don\'t use the download option, you could consider to remove the code.
3. components/com_oscommerce/includes/configure.php is heavy modified for MarvikShop to work with Joomla. There is not really a connection with Oscommerce versions, other then connections to define the needed files.
2 comes from the Super Download Store for Version 2.3.x
Code:
// BOF Super Download Store v2.3.x mod
symlink(DIR_FS_DOWNLOAD . $downloads[\'orders_products_filename\'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . \'/\' . $file_name);
tep_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . \'/\' . $file_name);
} else {
// This will work on all systems, but will need considerable resources
// We could also loop with fread($fp, 4096) to save memory
set_time_limit(0); // Prevent the script from timing out for large files
tep_download_buffered(DIR_FS_DOWNLOAD . $downloads[\'orders_products_filename\']);
// EOF Super Download Store v2.3.x mod
You could try to use only the second code, there is no update yet on the Oscommerce website . if you don\'t use the download option, you could consider to remove the code.
3. components/com_oscommerce/includes/configure.php is heavy modified for MarvikShop to work with Joomla. There is not really a connection with Oscommerce versions, other then connections to define the needed files.
Laatst bewerkt 9 jaren 2 maanden geleden doorAdmin.
Graag Inloggen of een account aanmaken deelnemen aan het gesprek.