On 1/27/2010 12:43 PM, Matt Chapman wrote:
> Also FTR, I've seen a similar (but not quite identical) sort of attack
> on an xcart installation on another host.

I've seen the osc / xcart attack. They created a subdirectory in the
image directory... /yahoo ... and put an index.php file in it. The file
checked the query string for a value. If it wasn't there, it would
simply display an osc heading. If the value was there, it grabbed a
base64 value from the query string, decoded it, and called eval against it.
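
A defender-side check for the pattern described in this message, as an added example that is not part of the original thread: it scans access-log lines for PHP requests under static-file directories whose query string carries base64 that decodes to code-like text. The directory names, log lines, parameter name `q` and token list are constructed assumptions.

```python
import base64
import re
from urllib.parse import parse_qsl, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: these directories should only ever serve static files.
STATIC_DIR_RE = re.compile(r"/(?:images?|img|uploads?)/", re.I)
# Tokens suggesting the decoded value is PHP source rather than data.
CODE_HINT_RE = re.compile(
    r"\b(?:eval|assert|system|exec|passthru|base64_decode)\s*\(|\$_(?:GET|POST|REQUEST)", re.I)


def decode_b64(value, min_len=16):
    """Return the decoded ASCII text if value looks like base64, else None."""
    value = value.replace(" ", "+").rstrip("=")  # parse_qsl turns '+' into ' '
    if len(value) < min_len or not re.fullmatch(r"[A-Za-z0-9+/]+", value):
        return None
    try:
        return base64.b64decode(value + "=" * (-len(value) % 4), validate=True).decode("ascii")
    except ValueError:  # malformed base64 or non-ASCII bytes
        return None


def suspicious_requests(log_lines):
    """Return (path, parameter, decoded) for PHP under static dirs fed encoded code."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not (url.path.lower().endswith(".php") and STATIC_DIR_RE.search(url.path)):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = decode_b64(value)
            if decoded and CODE_HINT_RE.search(decoded):
                hits.append((url.path, name, decoded))
    return hits


# Constructed sample: a harmless PHP statement and plain text, both base64-encoded.
CODE_B64 = base64.b64encode(b'echo base64_decode("dGVzdA==");').decode()
TEXT_B64 = base64.b64encode(b"just a plain text value").decode()
SAMPLE_LOG = ['192.0.2.10 - - [27/Jan/2010:12:00:01 -0500] "GET %s HTTP/1.1" 200 512' % p for p in (
    "/images/logo.gif", "/index.php?cPath=22", "/images/yahoo/index.php",
    "/images/yahoo/index.php?q=" + TEXT_B64, "/images/yahoo/index.php?q=" + CODE_B64)]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

A request to the planted file without the parameter is not flagged by this check, so any `.php` file found under an image directory is still worth reviewing on disk.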