  1. #1
    Join Date
    Aug 2014
    Posts
    27
    Plugin Contributions
    0

    My Zen Cart was hacked (php injection or shell?)

    My Host's antivirus found and removed a file that had malicious code. After talking with their abuse team, they state that there was a shell uploaded or something, one person from regular support said "php injection" but I don't think she understood what she was saying. I found a file called error.php in my admin folder which had a header with this info in it but I removed the auth pass and password. There was more code below this but I did a Google search and found info I didn't quite understand:

    PHP Code:
    <?php 
    //
    //                                  DK Shell - Took the Best made it Better..!!
    //
    //
    //
    //Version 1.0 
    //Created on 25/3/2012 by b47chguru
    $auth_pass = "*** I REMOVED THIS***";     //password = ** REMOVED THIS TOO**
    $color = "#00FF66";    //Colour
    $default_action = "FilesMan";
    $default_charset = "Windows-1251";

    They said it was likely due to a security vulnerability in Zen Cart. This happened before once and they attempted to hijack our credit card processing to steal credit cards. We upgraded our Zen Cart to the latest version and changed all user names and passwords. Now support says that none of the user names and passwords were compromised, just the vulnerability. I don't have the latest version 1.5.4, but then this happened even when I had version 1.3 so what can I do?

  2. #2
    Join Date
    Nov 2007
    Location
    Sunny Coast, Australia
    Posts
    3,379
    Plugin Contributions
    9

    Re: My Zen Cart was hacked (php injection or shell?)

    Follow these steps: http://www.zen-cart.com/wiki/index.p...ing_From_Hacks
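
Added example, not part of the original thread and not Zen Cart code: a Python scanner that walks a store's directory tree and flags PHP files containing the markers visible in the header posted above (`$auth_pass`, `$default_action` set to `FilesMan`, the `DK Shell` banner). The function names and the two sample files built in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile

# Markers come from the header quoted in the thread. '=' is optional because
# the forum rendering dropped it. They identify this header only.
MARKERS = {
    "auth_pass": re.compile(rb"\$auth_pass\s*=?\s*[\"']"),
    "default_action": re.compile(rb"\$default_action\s*=?\s*[\"']FilesMan[\"']"),
    "banner": re.compile(rb"DK Shell", re.I),
}
PHP_EXT = (".php", ".phtml", ".php5", ".inc")

def scan_file(path, max_bytes=1 << 20):
    """Return the sorted marker names found in the first max_bytes of a file."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    return sorted(name for name, rx in MARKERS.items() if rx.search(data))

def scan_tree(root):
    """Walk root and return {relative_path: [markers]} for PHP files with hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            full = os.path.join(dirpath, name)
            try:
                found = scan_file(full)
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
            if found:
                hits[os.path.relpath(full, root)] = found
    return hits

def demo():
    """Build a constructed two-file tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "admin"))
        # Constructed samples: header lines only (no functional code) and a benign file.
        samples = {
            "admin/error.php": b'<?php\n// DK Shell\n$auth_pass = "x";\n$default_action = "FilesMan";\n',
            "index.php": b"<?php\nrequire('includes/application_top.php');\n",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

Call `scan_tree()` on the store's root directory. An empty result only means these specific markers are absent; an obfuscated or renamed copy will not match, so it does not replace the recovery steps linked above.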

 

 

Zen-Cart, Internet Selling Services, Klamath Falls, OR