osCommerce and osCMax shopping cart software forums


Security and zclass.php

This is a discussion on Security and zclass.php within the osCMax v2 Installation issues forums, part of the osCMax v2.0 Forums category.


#1
07-19-2005, 08:01 PM
Btwixt_Group (New Member)
Security and zclass.php

I have noticed zclass.php being installed with the cart. This is a huge security hole. Has anyone noticed this, what is the purpose, and can it be left out? Search it on Google and look at how many osCommerce sites have it. It is a PHP shell execute program and the things you can do with it are very scary. You can delete entire sites, download and upload things. I would be very grateful for any information about the file and its purpose in osCMax.
#2
07-20-2005, 05:51 AM
jpf (Moderator)
RE: Security and zclass.php

This is NOT part of OSC or MAX and is NOT included with any files. Wherever you got this information - it is wrong!

This file (I think) is part of a program called PHP Shell by Martin Geisler (YES it can be dangerous to allow anyone "shell" access). If you installed this - or your host did as a default - then feel free to look into the program and try to remove it. Other than that I would try asking your hosting support or the program author to see if they have instructions on how to remove/restrict access to this file.

Good Luck
__________________
JPF - osCMax Forum Moderator
Try out our osCMax at: Live Catalog Demo
Limited access Admin: Live Admin Demo
Feel free to add products the way you want and then purchase them -=+=- Sorry nothing will be billed or shipped!
#3
07-20-2005, 05:23 PM
Btwixt_Group (New Member)
Re: RE: Security and zclass.php

Quote:
Originally Posted by jpf
This is NOT part of OSC or MAX and is NOT included with any files. Wherever you got this information - it is wrong!

This file (I think) is part of a program called PHP Shell by Martin Geisler (YES it can be dangerous to allow anyone "shell" access). If you installed this - or your host did as a default - then feel free to look into the program and try to remove it. Other than that I would try asking your hosting support or the program author to see if they have instructions on how to remove/restrict access to this file.

Good Luck

Sorry, you are exactly correct: it is not part of the program, and very dangerous. But here is what I have learned from the two it affected. They cannot change includes/configure.php to 644, therefore leaving a security hole. How do they change it? I have tried several different programs for them and continue getting the same error message on the main page, although the file appears to be 644 everywhere I look.
#4
07-21-2005, 04:54 AM
jpf (Moderator)
RE: Re: RE: Security and zclass.php

What is this error you're now referring to? As for zclass.php, the simplest thing would be to delete it.
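A check along the lines discussed in this thread, as an added example that is not part of the original posts or of osCMax: it lists PHP files under a web root that are absent from a release file list, flags those that call shell-execution functions, and reports whether includes/configure.php is still writable. The manifest contents, the sample tree and every file name other than zclass.php and includes/configure.php are constructed assumptions.

```python
import os
import re
import stat
import tempfile

# PHP functions that hand a string to the operating system shell.
SHELL_CALLS = re.compile(rb"\b(?:shell_exec|passthru|proc_open|popen|system|exec)\s*\(")

def audit_webroot(root, manifest):
    """Return (PHP files absent from the release manifest, config problems)."""
    unexpected = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if rel in manifest or not name.lower().endswith(".php"):
                continue
            with open(path, "rb") as fh:
                runs_shell = bool(SHELL_CALLS.search(fh.read()))
            unexpected.append((rel, runs_shell))
    problems = []
    cfg = os.path.join(root, "includes", "configure.php")
    if os.path.isfile(cfg):
        mode = stat.S_IMODE(os.stat(cfg).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("group/other write bit set: %o" % mode)
        if os.access(cfg, os.W_OK):
            # True even at 644 when this process runs as the file's owner.
            problems.append("writable by the user running this check")
    return sorted(unexpected), problems

def build_sample_tree(root):
    """Constructed sample tree; contents are benign stand-ins (assumption)."""
    os.makedirs(os.path.join(root, "includes"))
    samples = {
        "index.php": "<?php echo 'catalog'; ?>",
        "includes/configure.php": "<?php define('DB_SERVER', 'localhost'); ?>",
        "zclass.php": "<?php $out = shell_exec('uptime'); ?>",
        "extra_page.php": "<?php echo 'added by the shop owner'; ?>",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    os.chmod(os.path.join(root, "includes", "configure.php"), 0o644)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(audit_webroot(root, {"index.php", "includes/configure.php"}))
```

A file can show mode 644 and still be writable when the checking process runs as the file's owner, so the mode bits and the effective write test are reported separately.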