Today I noticed an unusual program listening on one of the web servers that I managed. Upon investigating, I found out that the attacker was able to gain access through a program called cpCommerce that one of our customers had installed.
I was able to pretty quickly identify the security hole and hacked up the PHP code so that it wouldn’t work again. I then downloaded the latest release of this program and took a look at it to see if the bug had been fixed…and it hadn’t.
So, I headed over to their site to submit a bug report. Although, since it’s a security problem, I didn’t want to post all of the details publicly so that it could be exploited further. After a little bit of fighting with their forum software, I was able to send the developer all of the details, and he has since posted a patch for the program.
I’m not familiar with the program, but it doesn’t look like the patch is just a hack-job either. It looks like it was fixed correctly in a way that would possibly prevent other similar scripts in the program from having the same problem.
http://cpcommerce.cpradio.org/forums/index.php/topic,3430.0.html