osCommerce scripts under attack

It seems that some kiddies are still using some old exploits to deface websites. In the last 2 days I have noticed lots of logs from defacing attempts that are logged by my daily stat plugin.

dailystat log

It seems that the attackers are looking for an osCommerce bug found in Nov 2010 that allows an attacker to upload files to the remote server.
For those interested, here is the bug and the fix.
Edit this file:

/admin/includes/application_top.php

Find this line :

$current_page = basename($PHP_SELF);

Replace with :

$current_page = basename($_SERVER['SCRIPT_NAME']);

More about this here : http://addons.oscommerce.com/info/8003
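
To confirm the fix is actually in place on a server, the following shell check classifies each includes/application_top.php by which form of the $current_page line it contains. It is an added example, not part of the original post or of osCommerce; the function names classify_app_top and audit_tree are made up for it, and it assumes the line appears in the form shown above.

```shell
#!/bin/sh
# Added example: audit osCommerce application_top.php files for the
# $current_page assignment discussed above. Function names are hypothetical.

# classify_app_top FILE
# Prints "vulnerable", "patched" or "unknown" for one file.
classify_app_top() {
    file=$1
    # Ignore lines commented out with // or #, so an old line kept as a
    # comment next to the fix is not reported as still active.
    active=$(grep -Ev '^[[:space:]]*(//|#)' "$file" 2>/dev/null |
        grep -E '\$current_page[[:space:]]*=' || true)
    if printf '%s\n' "$active" |
        grep -Eq 'basename\([[:space:]]*\$PHP_SELF[[:space:]]*\)'; then
        echo vulnerable
    elif printf '%s\n' "$active" |
        grep -Eq "basename\([[:space:]]*\\\$_SERVER\[['\"]SCRIPT_NAME['\"]\]"; then
        echo patched
    else
        # No assignment found, or a form this check does not recognise:
        # review the file by hand.
        echo unknown
    fi
}

# audit_tree ROOT
# Classifies every includes/application_top.php below ROOT. The admin
# directory is often renamed, so its name is not hard-coded.
# Returns 1 if any file still has the unpatched line, 0 otherwise.
audit_tree() {
    found=$(find "$1" -type f -path '*/includes/application_top.php' |
        while IFS= read -r f; do
            printf '%s\t%s\n' "$(classify_app_top "$f")" "$f"
        done)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
    fi
    ! printf '%s\n' "$found" | grep -q '^vulnerable'
}

# When run as a script with a directory argument, audit that tree.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it with the web root as its argument; a non-zero exit status means at least one file still needs the edit, and "unknown" entries should be checked by hand.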

Alex Gabriel

Weird PHP programmer, blogger, computer forensics addict. In my free time (if any) I lose a few hours googling for interesting stuff.
