Known exploit com_oscommerce_personal

10 years 10 months ago #1014 by geertech
Hi,
I got a warning from my provider about outdated version files of OSCommerce, and, much more important, exploit files installed by the module!

Please fix this, as I obviously didn't pay for a module that installs obscure files...

2. Regular expression match = [symlink\s*\(]:
‘/home/heerenva/public_html/components/com_oscommerce/download.php’
3. Script version check [OLD] [osCommerce v2.3.3.4 < v2.3.4]:
‘/home/heerenva/public_html/components/com_oscommerce/includes/configure.php’
4. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/images/index.php’
5. Known exploit = [Fingerprint Match] [PHP Wordpress Exploit [P0273]]:
‘/home/heerenva/public_html/components/com_oscommerce_personal/languages/images/index.php’

10 years 10 months ago - 10 years 10 months ago #1019 by Support Team
Thank you for this information. We will make the necessary changes in a new version 3.3. If you have more information or requests, please let us know. Points 3 and 4: you should remove the files!

2 comes from the Super Download Store for Version 2.3.x
Code:
// BOF Super Download Store v2.3.x mod
    symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $file_name);
    tep_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $file_name);
} else {
    // This will work on all systems, but will need considerable resources
    // We could also loop with fread($fp, 4096) to save memory
    set_time_limit(0); // Prevent the script from timing out for large files
    tep_download_buffered(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']);
// EOF Super Download Store v2.3.x mod

You could try to use only the second code; there is no update yet on the Oscommerce website. If you don't use the download option, you could consider removing the code.

3. components/com_oscommerce/includes/configure.php is heavily modified for MarvikShop to work with Joomla. There is not really a connection with Oscommerce versions, other than connections to define the needed files.
Last edited 10 years 10 months ago by Admin.
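
The reply above suggests keeping only the buffered branch and dropping the symlink() call that the scanner flagged. As an added example (not MarvikShop, osCommerce or Super Download Store code), this is one way to deliver a download without creating links in a public directory, using the fread($fp, 4096) loop the code comment mentions. The function names resolve_download() and stream_download() and the directory argument are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not part of any shipped module.

// Resolve $filename inside $baseDir; return null if the resolved path
// escapes the directory (through "../" or through a symlink).
function resolve_download(string $baseDir, string $filename): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $filename);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Send the file in 4096-byte chunks so memory use stays flat.
function stream_download(string $baseDir, string $filename): bool
{
    $path = resolve_download($baseDir, $filename);
    if ($path === null) {
        http_response_code(404);
        return false;
    }
    $fp = fopen($path, 'rb');
    if ($fp === false) {
        http_response_code(500);
        return false;
    }
    while (ob_get_level() > 0) {
        ob_end_clean();   // drop output buffers so chunks are not accumulated
    }
    set_time_limit(0);    // large files must not hit the script time limit
    // Keep quotes and backslashes out of the header value.
    $name = str_replace(['"', '\\'], '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('X-Content-Type-Options: nosniff');
    while (!feof($fp)) {
        echo fread($fp, 4096);
        flush();
    }
    fclose($fp);
    return true;
}

// Usage (constructed path): stream_download('/srv/shop/download', $requestedName);
```

Because the file is read by the script and never exposed under the web root, the private download directory can stay outside the document root.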
