Mass Injection Attacks Targeting osCommerce Vulnerabilities
Last Update Date:
12 Aug 2011
Release Date:
2 Aug 2011
RISK: High Risk
TYPE: Attacks - Other
Multiple vulnerabilities have been identified in the osCommerce application. Attackers can exploit them to inject malicious content into vulnerable osCommerce websites.
A large-scale injection attack targeting osCommerce websites has been reported. The injected "<iframe>" and "<script>" tags point to malicious links that infect computers via various exploits. The attack leverages several osCommerce vulnerabilities, including:
- osCommerce Remote Edit Site Info Vulnerability [disclosed 10 July 2011]
- osCommerce 2.3.1 (banner_manager.php) Remote File Upload Vulnerability [disclosed 14 May 2011]
- osCommerce Online Merchant v2.2 File Disclosure And Admin ByPass Vulnerability [disclosed 30 May 2010]
Impact
- Remote Code Execution
System / Technologies affected
- osCommerce Online Merchant v2.x
- osCommerce Online Merchant v3.x
Solutions
For web administrators,
- Detection
  - Under the following circumstances, your servers may have been injected / infected:
    - Search server logs for
      - access from IPs: 178.217.163.33, 178.217.165.111, 178.217.165.71, 178.217.163.214
      - and access with agent string: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)
    - Search your site for the existence of <iframe> or <script> tags with links pointing to
      - hxxp :// willysy . com / images / banners /
      - hxxp :// exero . eu / catalog / jquery . js
      - hxxp :// tiasissi . com . br / revendedores / jquery /
      - hxxp :// adorabletots . co . uk / tmp / js . php
    - This list may change as attackers alter their malware hosting. Please inform us if you find other suspicious scripts.
- Recovery
  - Find and remove the infected backdoors
  - Find and remove the injected iframes / scripts
- Prevention
  - Secure your osCommerce installation.
    http://forums.oscommerce.com/topic/313323-how-to-secure-your-oscommerce-22-site/
  - Upgrade to the latest version
    http://www.oscommerce.com/solutions/downloads
  - Use .htaccess and passwords for authentication to protect admin directories (/admin/)
    http://httpd.apache.org/docs/current/howto/htaccess.html#auth
  - Change your website hosting account and osCommerce admin passwords
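The two Detection searches above can be scripted. The following is an added example, not part of the original advisory: it assumes Apache combined-format access logs, the function names are hypothetical, and the sample log lines and page are constructed. The indicator values are the ones listed in the advisory, kept in their defanged form and converted only for matching.

```python
import re

# Indicators copied from the advisory above; URLs stay in its defanged form.
BAD_IPS = {"178.217.163.33", "178.217.165.111", "178.217.165.71", "178.217.163.214"}
BAD_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; "
          ".NET CLR 1.1.4322; Media Center PC 4.0)")
DEFANGED = ["hxxp :// willysy . com / images / banners /",
            "hxxp :// exero . eu / catalog / jquery . js",
            "hxxp :// tiasissi . com . br / revendedores / jquery /",
            "hxxp :// adorabletots . co . uk / tmp / js . php"]

def refang(url):
    """'hxxp :// a . b / c' -> 'http://a.b/c' so it can be compared with page content."""
    return url.replace(" ", "").replace("hxxp", "http", 1)

BAD_PREFIXES = [refang(u).split("://", 1)[1].lower() for u in DEFANGED]
# Assumed log format: Apache combined (client IP first, user agent last quoted field).
LOG_RE = re.compile(r'^(\S+) .*"([^"]*)"\s*$')
# src of an <iframe> or <script> tag, quoted or unquoted.
TAG_RE = re.compile(r'<(?:iframe|script)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def suspicious_log_lines(lines):
    """Return [(line_no, reasons)]; a line with both 'ip' and 'agent' is the strongest hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = [name for name, bad in (("ip", m.group(1) in BAD_IPS),
                                          ("agent", m.group(2) == BAD_UA)) if bad]
        if reasons:
            hits.append((n, reasons))
    return hits

def injected_tags(html):
    """Return the src values of iframe/script tags that point at a listed location."""
    found = []
    for src in TAG_RE.findall(html):
        bare = re.sub(r"^(?:https?:)?//", "", src.lower())
        if any(bare.startswith(p) for p in BAD_PREFIXES):
            found.append(src)
    return found

# Constructed sample data (not taken from a real server).
REQ = ' - - [01/Aug/2011:10:00:00 +0800] "GET /index.php HTTP/1.1" 200 512 "-" '
SAMPLE_LOG = ["178.217.163.33" + REQ + '"' + BAD_UA + '"',
              "192.0.2.10" + REQ + '"Mozilla/5.0"',
              "178.217.165.71" + REQ + '"Mozilla/5.0"']
SAMPLE_PAGE = ('<p>Shop</p><iframe src="%s" width="1" height="1"></iframe>'
               '<script src="/js/shop.js"></script>' % refang(DEFANGED[0]))
```

Run `injected_tags` over every served file and template in the web root, since the advisory notes that the hosting locations may change and a clean result for these four does not prove the site is clean.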
For end-users,
- Keep security patches and security software up to date, turn on a personal firewall, and stay cautious.
- Beware of security warnings from browsers or security software. Do not visit unsolicited websites, or else disable JavaScript in your browser.
Vulnerability Identifier
- No CVE information is available