osCommerce scripts under attack

Seems that some kiddies are still using some old exploits to deface websites. In the last 2 days i have noticed lots of logs from defacing attempts that are logged by my daily stat plugin.

dailystat log

Seems that attackers are looking for an osCommerce bug found on Nov 2010 that allow attacker to upload files on remote server.
For those interested here is the bug and the fix.
Edit this file

Find this line :

Replace with :

More about this here : http://addons.oscommerce.com/info/8003

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">