· Checking if file_manager.php wisely has been removed... [OK]
--> More info at http://www.techjournal.info/2009/10/oscommerce-filemanager-hack-exploit.html
· Checking if define_language.php wisely has been removed... [OK]
--> More info at http://www.techjournal.info/2009/10/oscommerce-filemanager-hack-exploit.html
· Checking if admin folder wisely has been renamed... [OK]
· Checking if admin folder is protected via .htaccess require user... [VULNERABLE]
--> Protecting your admin folder with .htaccess secures most admin exploits.
· Checking if configure.php is write protected in catalog... [VULNERABLE]
--> Please chmod file to 444.
· Checking if configure.php is write protected in admin... [VULNERABLE]
--> Please chmod file to 444.
· Checking for tep_db_input() XSS vulnerability in admin... [VULNERABLE]
---> Fix available at http://addons.oscommerce.com/info/6546
· Checking for critical admin $PHP_SELF aka "login.php" HTTP GET vulnerability... [VULNERABLE]
--> More info at http://www.webpayments.ie/blog/serious-oscommerce-vulnerability-exposed.html, http://forums.oscommerce.com/topic/348589-serious-hole-found-in-oscommerce
· Checking for "Contact_us" XSS vulnerability... [VULNERABLE]
--> More info at http://www.vupen.com/english/advisories/2005/0171
· Checking for "oscid" Session Fixation vulnerability... [VULNERABLE]
--> More info at http://forums.oscommerce.com/topic/333351-oscommerce-oscid-session-fixation-vulnerability/
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/feedmachine.php) [eval() command]
· Warning: File is most probably infected: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/classes/ipinfodb.class.php) [Trojan]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/functions/1____general.php) [eval() command]
· Warning: File is most probably infected: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/functions/222222sitemonitor_functions.php) [Goog1e_analist]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/functions/41-b__general.php) [eval() command]
· Warning: File is most probably infected: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/functions/sitemonitor_functions.php) [Goog1e_analist]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/modules/batch_print/class.ezpdf.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/modules/generador_etiquetes/dompdf/include/dompdf.cls.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/modules/generador_etiquetes/dompdf/include/php_evaluator.cls.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/modules/generador_etiquetes/dompdf/lib/class.pdf.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/includes/phpclasses/PHPExcel/Shared/PDF/tcpdf.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/ad123FDS/xajax/xajax_core/xajax.inc.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/includes/classes/Copia de seo.class.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/includes/classes/seo.class.php) [eval() command]
· Warning: File is most probably infected: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/includes/geoipregionvars.php) [boff web shell]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/includes/modules/matc.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/includes/modules/payment/apiRedsys/json.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/sandbox/php/class.JavaScriptPacker.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/oscommerce/espana/xajax/xajax_core/xajax.inc.php) [eval() command]
Important! After being compromised, always change all your passwords (FTP, MySQL, admin panel).
For more information how to protect your web shop, visit http://forums.oscommerce.com/topic/313323-how-to-secure-your-site/
