Iframe codes in oscommerce stores
Posted by admin on July 30, 2009 under oScommerce Issues, oScommerce Security, osCommerce Services | 
Be the First to Comment
There has been a recent increase of attacks on osCommerce websites using old versions.
Hackers exploit a vulnerability that is usually used for uploading product pictures to the /images directory.
Php files are uploaded in the images directory and executed.
CUstomer and order details are displayed and also emailed to the hackers email address.
Sometimes traces are left by the hacker.
PHP files show up in the images directory (though sometimes they’re deleted after being run).
Gengerally, the following code iframe is added to every product_description and categories_description
We have a process to clean up the database and clean up the images directory
Add A Comment