osCommerce Online Merchant v2.2 RC2a
osCommerce Threat Scanner
Include: Writables Double extensions

· Checking if file_manager.php wisely has been removed... [OK]
--> More info at http://www.techjournal.info/2009/10/oscommerce-filemanager-hack-exploit.html

· Checking if define_language.php wisely has been removed... [OK]
--> More info at http://www.techjournal.info/2009/10/oscommerce-filemanager-hack-exploit.html

· Checking if admin folder wisely has been renamed... [OK]

· Checking if admin folder is protected via .htaccess require user... [VULNERABLE]
--> Protecting your admin folder with .htaccess secures most admin exploits.

· Checking if configure.php is write protected in catalog... [VULNERABLE]
--> Please chmod file to 444.

· Checking if configure.php is write protected in admin... [VULNERABLE]
--> Please chmod file to 444.

· Checking for tep_db_input() XSS vulnerability in admin... [VULNERABLE]
---> Fix available at http://addons.oscommerce.com/info/6546

· Checking for critical admin $PHP_SELF aka "login.php" HTTP GET vulnerability... [VULNERABLE]
--> More info at http://www.webpayments.ie/blog/serious-oscommerce-vulnerability-exposed.html, http://forums.oscommerce.com/topic/348589-serious-hole-found-in-oscommerce

· Checking for "oscid" Session Fixation vulnerability... [VULNERABLE]
--> More info at http://forums.oscommerce.com/topic/333351-oscommerce-oscid-session-fixation-vulnerability/

· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/contaplus/smarty/libs/Smarty.class.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/contaplus/smarty/libs/internals/core.process_cached_inserts.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/contaplus/smarty/libs/internals/core.run_insert_handler.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/contaplus/smarty/libs/internals/core.smarty_include_php.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/contaplus/smarty/libs/plugins/function.eval.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/contaplus/smarty/libs/plugins/function.mailto.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/contaplus/smarty/libs/plugins/function.math.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/feedmachine.php) [eval() command]
· Warning: File is most probably infected: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/includes/classes/ipinfodb.class.php) [Trojan]
· Warning: File is most probably infected: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/includes/functions/sitemonitor_functions.php) [Goog1e_analist]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/includes/modules/batch_print/class.ezpdf.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/includes/modules/generador_etiquetes/dompdf/include/dompdf.cls.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/includes/modules/generador_etiquetes/dompdf/include/php_evaluator.cls.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/includes/modules/generador_etiquetes/dompdf/lib/class.pdf.php) [eval() command]
· Warning: Could be an infection, please investigate the eval() command: (/var/www/vhosts/milica.es/oscommerces/amazon/venca/xajax/xajax_core/xajax.inc.php) [eval() command]


Important! After being compromised, always change all your passwords (FTP, MySQL, admin panel).

For more information how to protect your web shop, visit http://forums.oscommerce.com/topic/313323-how-to-secure-your-site/

Do you need help removing infections or securing your site?
Visit www.tim-international.net!


The new osCommerce 2.3.1 has security in mind!


