osCommerce scripts under attack

February 26, 2013 in Around the web

Seems that some kiddies are still using some old exploits to deface websites. In the last 2 days i have noticed lots of logs from defacing attempts that are logged by my daily stat plugin.

dailystat log

Seems that attackers are looking for an osCommerce bug found on Nov 2010 that allow attacker to upload files on remote server.
For those interested here is the bug and the fix.
Edit this file

/admin/includes/application_top.php

Find this line :

$current_page = basename($PHP_SELF);

Replace with :

$current_page = basename($_SERVER['SCRIPT_NAME']);

More about this here : http://addons.oscommerce.com/info/8003