@Kfir: Your follow-up response to the original question regarding Zen Cart was pointless. You pointed to an almost four year old URL announcing a security issue which has been patched for almost as long. Please do the required research before posting? If you are going to post references to very old bugs, then do your readers a favor and post a reference to the patch. Better yet first ask the poster posing the original question which versions of “suspect” web applications they are running, before you come to and report such absurd conclusions. Your lack of due diligence does us all a disservice and reduces the credibility of securiteam.

Hi,

Thank you both for the comments, my answer was brief, and maybe a bit too quick, but the point I was trying to pass was that even though both product have at least one issue, in most cases they aren’t the one used to hack sites.

Specifically in the case of Zen Cart – the product appears to be “secure” only because no one probably spent too much time looking into it.

While PHPBB is a very “sexy” product, very common, making a product to be listed with numerous vulnerabilities.

Again, thank you both for the comments, I have forwarded them to the person that has asked us the question.

“Specifically in the case of Zen Cart – the product appears to be “secure” only because no one probably spent too much time looking into it.”

Very contentious and possibly damaging – perhaps deliberately so.

I, and most other Zen Cart users, see hacking attempts roughly every day. I would argue that “no one probably spent too much time looking into it” is, therefore, inaccurate from the hackers’ perspective. In addition, we always see very fast responses from the Zen Cart team when anyone posts about hacking attempts on the Zen Cart forums so the statement is untruthful from the users’ perspective too.

I always have my a simple php script running on my website that send me and email with the MD5 hash value. I am sure that no PHP file will ever change on the server at all (although log files etc will change).

In short if the MD5 ever changes you can be assured that you have a new php file or change to a php file that you did not upload.

Unlike what you say, or think, especially the intent wasn’t deliberate, I was only providing my thoughts, and facts at the same time.

It wasn’t meant to make Zen Cart look bad, or his team that developed it bad.

I apologize if it looked as if I was making Zen Cart look bad my intent was the opposite, simply to say that the person that has asked the question might want to look elsewhere for vulnerabilities, in his case phpbb, as Zen Cart has very little documented vulnerabilities

Great resource and list, will certainly be bookmarking this page.I’m glad everyone is finding this useful,Thank For Post….

I have written a tool that can be useful in location a php shell on your server such as C99 or GNY. The script is written in python and scans directories for files that might have the shell signatures in them. It’s worth a look, check it out:

I’d post a full link but it trips a spam filter…
esux.net/python_php_shell_virus_web_scan_detection

Great resource and list, will certainly be bookmarking this page.I’m glad everyone is finding this useful,Thank For Post….

thanks for your great post.