
Gibberish on checkout page


jka


I noticed it this morning. On the checkout page as well as basket I see a line of gibberish all the way at the top. Not sure why and where this is coming from. 

I did a view source and this gibberish is ahead of the 1st line of the code. 

�f�z+u��j[��H�����j�[j���-jY����z�ږ��,�@-(.�ǭ���*+�&������i�^��k�Ǭ���z�.�׫Q)����z�ږ珕��y�]jx�zkhʋ�m�$z�h��y�F,�@-+&j�rj�"�p�HK!���LL�m��
<!DOCTYPE html>

 

Screen Shot 2017-11-27 at 1.09.31 PM.png

I went into maintenance, cleared all cache etc into sql cache.

 

Not sure where this gibberish is generated from but it does not show up on the product pages.


Looks to me like code has been injected into your files. This might have been done if the server was hacked and malicious code appended code into writable files. Quite often there are two reasons hackers do this.

1. To steal traffic by redirecting your users to their site.

2. To force virus downloads.

Please check the source code hasn't been tampered with.


Depends how much 'permission' the intruder (if that is what happened) was given. For example, using the file editor tool in a hosted account's control panel (Cpanel) has a lot of permission to make edits to files. In this particular scenario, almost all files are 'writable'.

Also, an intruder (or script) can easily have the operating system reset the file's date/time stamp to make it appear that nothing was changed.

Also, I believe CC6 is coded to not send any HTTP headers until templates have been populated with data and control is about to be turned over to Smarty to render and output the templates. If something is outputting rogue content (and received by your web browser), there will be some default headers sent prematurely. The consequence of that is that when PHP is told to send the real headers, PHP will complain about "Headers already sent". This complaint will show in PHP's error log and possibly in CubeCart's admin Error Log listing.

However, if a skin template file has been compromised, there will be no "Headers already sent" error. Also, it will be somewhat unlikely that the rogue content would appear at the top of the screen. Examine the contents of box.basket.php, box.basket.content.php, content.checkout.php, and main.php.

Examine everything.
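
Because timestamps can be reset, one way to "examine everything" is to compare file contents against a freshly unpacked copy of the same release. This is an added example, not part of the original post or CubeCart's code; the function names, the two directory arguments and the extension list are assumptions.

```python
import hashlib
import os

def sha256_file(path):
    """Hash a file's contents; modification times are ignored on purpose."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def tree_digests(root, exts=(".php", ".js", ".htaccess")):
    """Map each relative path under root to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(exts):
                full = os.path.join(dirpath, name)
                digests[os.path.relpath(full, root)] = sha256_file(full)
    return digests

def compare_trees(live_root, clean_root):
    """Report files that differ from, are absent from, or are extra to the clean copy."""
    live = tree_digests(live_root)
    clean = tree_digests(clean_root)
    return {
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }

if __name__ == "__main__":
    import sys
    # Usage (paths are placeholders): script.py <live store root> <clean release root>
    for kind, paths in compare_trees(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(kind, rel)
```

Customised skins and generated files will show up as "modified" or "added"; those are the entries to read by hand.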


So, I went ahead and renamed the skins/template folder and reuploaded the templates folder all over again. So it's a brand new templates folder. The same gibberish (same content) shows up on the top of the basket and checkout when products are in it. I recently had to update all my admin files for 6.1.4. Any chance this is a db-related issue where something is corrupted?


So, I went into the vanilla skin. Here is what I found in the browser debug mode....

"�f�z+u��j[��H�����j�[j���-jY����z�ږ��,�@-(.�ǭ���*+�&������i�^��k�Ǭ���z�.�׫Q)����z�ږ珕��y�]jx�zkhʋ�m�$z�h��y�F,�@-+&j�rj�"�p�HK!���LL�m��" = $0

Screen Shot 2017-11-27 at 6.06.10 PM.png

One more image ....

Screen Shot 2017-11-27 at 6.15.23 PM.png


You are saying this is appearing in more than one skin. The top image looks like Vanilla, and the second image is probably a Foundation or Foundation clone.

In the first image, I see that the rogue content is showing in the HTML source immediately after the ColorBox code (added by the ColorBox JavaScript plugin), and just before the <div id="page_wrapper"> statement in the template.

The second image, I presume that the rogue content is at the very top of the HTML source.

But CC6 does not process a skin any differently depending on the skin. I cannot explain why this content would appear in different places.


Is there a web address we can see this happening?

In your first post, you show that the content appears above the <!doctype html> tag.

In the vanilla skin, it appears just after the <body> tag, with the ColorBox JavaScript then later adding its code just after the <body> tag.


When at ?_a=basket or ?_a=confirm, when the cart is empty, there should be, other than the surrounding boxes, nothing but "Your basket is empty" message.

So, look at the contents of the file /classes/cubecart.class.php, at these functions: _basket(), _checkout(), and _displaybasket().

 


That's correct. All it says is "Your basket is empty" (like normal), and the gibberish on the top doesn't appear once the basket is empty.

The gibberish line only appears when there is an item in the basket. It doesn't appear when the basket is empty. I went and noticed further that the bad code did not appear when on the payment "gateway" page.

It appears on index.php?_a=basket and index.php?_a=confirm when there are items in the basket.


Ah, Bsmither, I should have waited for your wonderful insight as usual before I upgraded a customized site. There was a file with snippet_ and that gibberish code was inside it. Should I just delete it?

Deleting or renaming that snippet was a lost cause. It got created again.


Now we need to learn what this snippet belongs to.

Snippets are databased. If the snippet_hash.php file does not exist, it will be re-created from the data about that snippet stored in the database.

In admin, Manage Hooks, Code Snippets tab, note the list of enabled snippets. Click the Edit icon of the snippet that you suspect.

The details of the snippet should clue you as to what this snippet is supposed to do and who put it there.

We either need to fix the snippet, or delete it (will be removed from the database). The snippet_ file should also disappear.


I've had snippets go wrong and do this.

In fact I have a snippet for what appears to be the same thing.

Last week I modified the snippet to increase the minimum order value, and it went bad on me, producing something very similar.


Sorry if I gave the wrong info. Did you upgrade your store recently? The setup process should convert code snippets to the correct encoding. Maybe it somehow got double encoded or something. 

The solution may be to just delete all "includes/extra/snippet_*.php" files. They will then regenerate automatically with correct code so long as the store has been upgraded properly and the setup process was run. 
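
A check for the symptom diagnosed in this thread, as an added example that is not part of the original posts or CubeCart's code: PHP sends any bytes outside `<?php` tags straight to the browser, so a corrupted snippet file produces output ahead of the template, which is also the premature output behind the "Headers already sent" complaint mentioned earlier in the thread. It assumes generated snippet files begin with `<?php`; the function names and sample bytes are constructed.

```python
import glob
import os

PHP_OPEN = b"<?php"
BOM = b"\xef\xbb\xbf"

# Constructed samples: a healthy snippet and one holding undecodable bytes.
SAMPLE_GOOD = b"<?php\n$minimum_order = 10;\n"
SAMPLE_BAD = b"\x8ff\x9az+u\n"

def raw_output_prefix(data):
    """Return the bytes PHP would echo before reaching the first <?php tag."""
    idx = data.find(PHP_OPEN)
    return data if idx == -1 else data[:idx]

def inspect_snippet(data):
    """List reasons this file would emit stray output when included."""
    findings = []
    prefix = raw_output_prefix(data)
    if prefix == BOM:
        findings.append("UTF-8 BOM ahead of <?php")
    elif prefix:
        findings.append(f"{len(prefix)} bytes outside PHP tags at start of file")
    try:
        data.decode("utf-8")
    except UnicodeDecodeError as exc:
        findings.append(f"invalid UTF-8 at byte {exc.start}")
    return findings

def scan_snippets(store_root):
    """Map snippet file name -> findings for every suspicious snippet file."""
    pattern = os.path.join(store_root, "includes", "extra", "snippet_*.php")
    report = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, "rb") as fh:
            findings = inspect_snippet(fh.read())
        if findings:
            report[os.path.basename(path)] = findings
    return report

if __name__ == "__main__":
    import sys
    # Usage (path is a placeholder): script.py <store root>
    for name, findings in scan_snippets(sys.argv[1]).items():
        print(name, "; ".join(findings))
```

A flagged file only says where the stray bytes are; the snippet's database record, viewed under Manage Hooks, is still what shows which snippet it belongs to.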

