Serious security issue in file_manager.php in osCommerce

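file_manager.php in osCommerce has been exploited to upload PHP shell programs, tamper with web page content, and obtain database privileges in order to compromise the host further.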

For details, see the following articles:

http://www.qurizhao.com/Article/HTML/20100901133958.html
http://forums.oscommerce.com/topic/344651-new-hack-in-town-beware/
http://forums.oscommerce.com/topic/109629-site-hacked-due-to-oscommerce/

Remediation

1. Rename the back-end admin directory immediately. For how to rename the admin directory, see the following article:

http://www.blog.webdsn.net/archives/16

2. Immediately delete file_manager.php from the admin directory.
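
The two steps above can be checked across a web root with a small audit script. This is an added example, not part of the original post; the output labels, the `--demo` flag and the sample directory names are assumptions made for illustration, and the default-name check is a heuristic (a directory named `admin` that directly contains `.php` files).

```shell
#!/bin/sh
# Added example: check a web root against the two remediation steps.
# Prints one finding per line; returns 1 if anything still needs fixing.
# Assumes paths contain no newline characters.
audit_oscommerce() {
    root=$1
    report=$(
        # Step 2: file_manager.php must be gone, whatever its directory is called.
        find "$root" -type f -name 'file_manager.php' 2>/dev/null |
            sed 's/^/FILE_MANAGER_PRESENT /'
        # Step 1 (heuristic): a directory still named "admin" that directly
        # contains PHP files is treated as an un-renamed back office.
        find "$root" -type d -name 'admin' 2>/dev/null |
        while IFS= read -r d; do
            set -- "$d"/*.php
            if [ -e "$1" ]; then echo "DEFAULT_ADMIN_NAME $d"; fi
        done
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree (not real data) for a quick self-check.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/shop1/admin" "$t/shop2/renamed_backoffice" "$t/static/admin"
    : > "$t/shop1/admin/file_manager.php"               # both steps missed
    : > "$t/shop2/renamed_backoffice/file_manager.php"  # renamed, file left behind
    : > "$t/static/admin/logo.png"                      # no PHP: not flagged
    audit_oscommerce "$t"; rc=$?
    rm -rf "$t"
    return "$rc"
}

case "${1:-}" in
    "")     ;;                      # no argument: only define the functions
    --demo) demo ;;
    *)      audit_oscommerce "$1" ;;
esac
```

Pass the web root as the only argument; a non-zero exit status means at least one finding remains.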
