Images injections

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
1 year ago
Hi,
We have a website in NopCommerce 4.2 that we cannot update for now. We realized this morning that someone injected a lot of images and HTML files into the folder wwwroot/images/samples. We've deleted the files and one suspicious aspx file, but we are wondering if there is a known security breach or a fix to avoid that?

Thanks
1 year ago
I'm not aware of any such vulnerabilities in nopCommerce.  You should ask your host to investigate.
1 year ago
The only thing that can be partially related to this is some problems with RoxyFileman in 4.20 (was vulnerable to ../ path traversal), see details here. But only someone with permission "Admin area. HTML Editor. Manage pictures" could use it, so check your ACL.
In all other cases, ask your host as Dennis suggested.
1 year ago
virtualeman wrote:
Hi,
We have a website in NopCommerce 4.2 that we cannot update for now. We realized this morning that someone injected a lot of images and HTML files into the folder wwwroot/images/samples. We've deleted the files and one suspicious aspx file, but we are wondering if there is a known security breach or a fix to avoid that?

Thanks


You can upload the following web.config file into that directory with the following code. This prevents any script from running but still allows your images to load on your site.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <handlers accessPolicy="Read" />
  </system.webServer>
</configuration>
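
One way to audit an image folder such as wwwroot/images for the kind of files reported in this thread (HTML, aspx, or non-image content under an image name). This is an added example, not part of the original posts or of nopCommerce; the function names, the allowed extension list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading bytes of the image types this (assumed) allow-list accepts.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# The lock-down web.config from the post above is expected here;
# review its contents separately, since it could also be replaced.
EXPECTED_NON_IMAGE = {"web.config"}

def audit_image_dir(root):
    """Return sorted (relative_path, reason) pairs for files that do not belong."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in EXPECTED_NON_IMAGE:
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(16)
            if ext not in IMAGE_MAGIC:
                findings.append((rel, "unexpected extension"))
            elif not head.startswith(IMAGE_MAGIC[ext]):
                findings.append((rel, "content does not match extension"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    samples = {
        "samples/product.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "samples/page.html": b"<html><body>spam</body></html>",
        "samples/x.aspx": b'<%@ Page Language="C#" %>',
        "samples/fake.jpg": b"<html>not a jpeg</html>",
        "web.config": b"<configuration />",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return audit_image_dir(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

Running it on a schedule against the real folder and comparing the findings with the previous run shows when new files appear.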