
osCommerce & WordPress Exploit


We’ve been made aware of a new exploit that appears to have been launched today that is so far targeting WordPress and osCommerce installations. If you are running either of these pieces of software we recommend that you upgrade to the latest version as soon as possible. With osCommerce we would actually recommend you switch to an alternative product such as Zen Cart, as the development process is very slow and often stagnates.

The exploit itself creates .htaccess files in any directory where it has write permissions and places the following two lines in them, or appends them to the end of an existing .htaccess:

AddType application/x-httpd-php .php .phtml .php3 .php4 .php5 .htm .html
/tmp/25454b22bf39c75795851f39d5e347c4

The file /tmp/25454b22bf39c75795851f39d5e347c4 claims to be "mini suhosin", part of the Suhosin PHP security extension; it is not. The exploit also tries to leave a back door shell on the infected system by keeping a shell process called minisuhosin running.
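A defender's check for the two .htaccess indicators described above, written for this post as an added example (not code from the original post or from any hosting company): it flags any AddType line that hands .htm/.html to the PHP handler and any bare /tmp/... path dropped into a .htaccess, and can walk a document root to find affected files. The sample .htaccess content is constructed; the hash in the path is the one quoted in the post.

```python
import os
import re

# The post's indicator: the PHP handler mapped onto .htm/.html, which a
# normal WordPress or osCommerce .htaccess never does.
NON_PHP_EXTENSIONS = {".htm", ".html"}
ADDTYPE_RE = re.compile(r"^\s*AddType\s+application/x-httpd-php\s+(.*)$", re.IGNORECASE)
TMP_PATH_RE = re.compile(r"^\s*/tmp/\S+\s*$")

def suspicious_htaccess_lines(text):
    """Return (line_number, reason, line) for each line that matches an
    indicator: PHP handler on .htm/.html, or a bare /tmp/... path."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ADDTYPE_RE.match(line)
        if m:
            exts = {e.lower() for e in m.group(1).split()}
            if exts & NON_PHP_EXTENSIONS:
                findings.append((lineno, "php-handler-on-html", line.strip()))
            continue
        if TMP_PATH_RE.match(line):
            findings.append((lineno, "bare-tmp-path", line.strip()))
    return findings

def scan_tree(root):
    """Walk a document root; yield (path, findings) for every flagged .htaccess."""
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings = suspicious_htaccess_lines(fh.read())
        if findings:
            yield path, findings

# Constructed sample: a normal WordPress rewrite block followed by the two
# lines the post says the exploit appends.
SAMPLE_INFECTED = """\
# BEGIN WordPress
RewriteEngine On
RewriteRule . /index.php [L]
# END WordPress
AddType application/x-httpd-php .php .phtml .php3 .php4 .php5 .htm .html
/tmp/25454b22bf39c75795851f39d5e347c4
"""

if __name__ == "__main__":
    for lineno, reason, line in suspicious_htaccess_lines(SAMPLE_INFECTED):
        print(f"line {lineno}: {reason}: {line}")
```

Run `scan_tree("/home/<account>/public_html")` on a cPanel account to list every .htaccess carrying either indicator; a clean install yields nothing.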

2 thoughts on “osCommerce & WordPress Exploit”

  1. BenHarris

    Hi,

    I’ve also just seen this exploit against a cPanel account with both osCommerce and WordPress installed.

    Just a little heads up, but I realised that my tmp directory wasn’t noexec. If you just make your tmp noexec, it should prevent further exploits of this kind.

    Regards

    Ben
