Security and zclass.php

**Btwixt_Group** · 07-19-2005, 08:01 PM

I have noticed zclass.php being installed with the cart. This is a huge security hole. Has anyone noticed this, what is the purpose and can it be left out. Search it on Google and look at how many oscommerce sites have it. It is a php Shell execute program and the things you can do with it are very scary. You can delete entire sites, download and upload things. Any information about the file and it purpose in osmax would be very grateful.

**jpf** · 07-20-2005, 05:51 AM

This is NOT part of OSC or MAX and is NOT included with any files. Where ever you got this information - it is wrong!

This file (I think) is part of a program called PHP Shell by Martin Geisler (YES it can be dangerous to allow anyone "shell" access). if you installed this - or your host did as a default - then feal free to look into the program and try to remove it. Other than that I would try asking your hosting support or the program author to see if they have instruction on how to remove/restrick access to this file.

Good Luck

**Btwixt_Group** · 07-20-2005, 05:23 PM

Originally Posted by jpf

This is NOT part of OSC or MAX and is NOT included with any files. Where ever you got this information - it is wrong!

This file (I think) is part of a program called PHP Shell by Martin Geisler (YES it can be dangerous to allow anyone "shell" access). if you installed this - or your host did as a default - then feal free to look into the program and try to remove it. Other than that I would try asking your hosting support or the program author to see if they have instruction on how to remove/restrick access to this file.

Good Luck

Sorry, you are exactly correct, it is not part of the program, and very dangerous. But here is what I have learned from the two it affected. They cannot change the includes/configure.php to 644. and therefore leaving a security hole. How do they change it. I have tried several different programs for them and continue getting the same error message on the main page; although the file appears to be 644 every where I look.