philee Posted August 24, 2011 Share Posted August 24, 2011 Windows 7 OS. Prestashop 1.4.4 My site was fine at 6:00pm 8/23 then at 7:58 pm 5/23 I noticed my site isn't functioning properly. I sent a ticket to my host and this was found. Removed: /home/sfbm/public_html/videos/wp-content/themes/zzz/scripts/cache/dd58e9270114ad1f95c0e3da514a2b6c.php: PHP.Hide.UNOFFICIAL FOUND /home/sfbm/public_html/videos/wp-content/themes/zzz/scripts/cache/7e30804b68501ac775c35e1db21b502f.php: PHP.Hide.UNOFFICIAL FOUND /home/sfbm/public_html/webstore/download/647226b6ef10264fb0c2c5336a924ef7.php: Atomicorp.honeypot.hex.php.cmdshell.unclassed.338.UNOFFICIAL FOUND /home/sfbm/public_html/webstore/upload/647226b6ef10264fb0c2c5336a924ef7.php: Atomicorp.honeypot.hex.php.cmdshell.unclassed.338.UNOFFICIAL FOUND The attacker was able to access my account by using your store's admin interface. /usr/local/apache/domlogs/sfbm/-----.com: IP ADDRESS - - [23/Aug/2011:19:18:12 -0500] "POST /webstore/admin/ajax.php HTTP/1.1" 200 20 "http://-----.com/webstore/admin/index.php?tab=AdminTools&token=a14d47e372b19cd728aace" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/IP ADDRESS Safari/ADDRESS" Now my whole ajax categories and cart is messed up. Site doesn't function the same anymore. This was detected when I was browsing my website. Link to comment Share on other sites More sharing options...
Carl Favre Posted August 24, 2011 Share Posted August 24, 2011 Hi philee, Thanks for your feedback. A topic about this problem is already created : http://www.prestashop.com/forums/topic/125798-footertpl-vulnerability/ The team is working on it. In order to gather in the same place all the feedback I am closing this topic. Link to comment Share on other sites More sharing options...
Recommended Posts