How to find malicious code on opencart?

P

Pavel2017-06-05 13:51:53

PHP

Pavel, 2017-06-05 13:51:53

on the site in the basement there is such a thing joxi.ru/1A5ZpBki96L9rE , I dug everything in the template itself, there is nothing suspicious anywhere, then I noticed that when you go to the admin panel, there is also such a basement. Question: where in opencart can I find the code that displays such a dirty trick on all pages of the site?

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

A

Alexander Penshin, 2017-06-05
@apenshin

1. footer.tpl + footer.php
2. Search in the whole project + search in the database

A

Alexey Sklyarov, 2017-06-05
@0example

This code doesn't have to be in PHP. It can also be in JS files

D

Denis Bukreev, 2017-06-05
@denisbookreev

Maybe this is happening with the help of js?

N

nevamind, 2017-06-10
@nevamind

A similar infection was located in /system/library/response.php
The line

$ouput = eval(base64_decode('[множество символов]');

and is malware.
The original file should instead have echo $output;
In general, a lot of malware uses base64_decode, so you can search for this expression.

Y

Yhak, 2017-07-26
@Yhak

Comrade, you are very similar to a warez lover! We remember and look at the module downloaded in the wrong way. As nevamind wrote, we are looking for a similar code. If you say that when you enter the admin panel. look at /admin/template. If this thing does not interfere in principle, close it from the index and set redirect to the main one.