The Community Forums

Interact with an entire community of cPanel & WHM users!

Find spam-vulnerable osCommerce scripts

Discussion in 'General Discussion' started by gvard, Feb 6, 2006.

  1. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Greetings from Greece,

    Many clients that use osCommerce haven't performed the necessary updates, and spammers may use contact_us.php to send spam e-mails via injection.

    Can anyone offer any solution to search all hosting accounts on the server for vulnerable osCommerce contact_us.php pages via shell?


    Thanks! :)
     
  2. jackie46

    jackie46 BANNED

    Joined:
    Jul 25, 2005
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    0
  3. gvard

    gvard Well-Known Member
    PartnerNOC

    OK, and which of those filters are for the osCommerce contact_us.php problem? Is it the "osCommerce XSS" section?
     
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Tracking down spammers and what scripts they use to go through your server is not an easy job. Are you sure the problem is osCommerce only and doesn't include other scripts?
     
  5. gvard

    gvard Well-Known Member
    PartnerNOC

    Hello,

    Of course one can never be sure that everything is OK and spammer-free, but right now I want to be able to apply this fix:

    http://www.oscommerce.com/community/bugs,3279/status,open/page,2

    I want to find out somehow which contact_us.php files are vulnerable and then notify the clients of the changes they have to make.
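
One way to run the search asked for in this thread, as an added example that is not from any poster or from osCommerce: it lists every contact_us.php under a hosting root that looks like osCommerce but lacks a marker string from the fix, together with the owning account. The function name and `FIX_REGEX` are assumptions; the pattern has to be a string that appears only in the patched file.

```shell
#!/bin/sh
# Added example: inventory osCommerce contact_us.php files that lack a fix marker.
# FIX_REGEX is an assumption: choose a string that occurs only in the patched
# file, taken from the fix being rolled out.

# find_unpatched_contact_us ROOT FIX_REGEX
# Prints "owner<TAB>path" for every contact_us.php under ROOT that looks like
# osCommerce (it calls tep_* helper functions) and does not match FIX_REGEX.
find_unpatched_contact_us() {
    # -exec ... {} + hands the paths to the inner shell as arguments, so
    # names with spaces or newlines are never split or re-parsed.
    FIX_REGEX=$2 find "$1" -type f -name 'contact_us.php' -exec sh -c '
        for file do
            # Skip unrelated scripts that only share the file name.
            grep -q "tep_" "$file" || continue
            # Patched copies contain the marker; report only the others.
            grep -Eq -e "$FIX_REGEX" "$file" && continue
            # Third field of ls -ld is the owning account.
            owner=$(ls -ld "$file" | awk "{print \$3}")
            printf "%s\t%s\n" "$owner" "$file"
        done' sh {} +
}

# Run only when both arguments are supplied, for example:
#   sh find_unpatched.sh /home 'STRING_FROM_THE_FIX'
if [ "$#" -eq 2 ]; then
    find_unpatched_contact_us "$1" "$2"
fi
```

The owner column gives the account to notify; a file that is reported still needs a manual look, since a customised copy may carry the fix in a different form.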
     