cancel
Showing results for 
Search instead for 
Did you mean: 

PATCH_SUPEE-8788_CE_1.8.0.0_v2-2016-10-14-09-33-04.sh Not detected in Magento version 1.8.0.0

PATCH_SUPEE-8788_CE_1.8.0.0_v2-2016-10-14-09-33-04.sh Not detected in Magento version 1.8.0.0

Hello All,

I am running magento 1.8.0.0 in live site but there is alert for security patch so installed patch using ssh
PATCH_SUPEE-8788_CE_1.8.0.0_v2-2016-10-14-09-33-04.sh , after installtion i can see the changes in applied.patches.list file but still magereport says PATCH NOT DETECTED what sholud i do to resolve this please guide me here i am stuck since last week

Here is link what magereport says you can check https://www.magereport.com/scan/?s=https://www.master-minded.com/beta/
 if you guys have any idea, thought how to resolve this please be my guest and guide me here.
Thank you

1 REPLY
Highlighted

Re: PATCH_SUPEE-8788_CE_1.8.0.0_v2-2016-10-14-09-33-04.sh Not detected in Magento version 1.8.0.0

Hi there Chirag !

 

How Magereport detects the patch

Magereport checks for the following static assets that should have been removed:

/skin/adminhtml/default/default/media/flex.swf
/skin/adminhtml/default/default/media/uploader.swf
/skin/adminhtml/default/default/media/uploaderSingle.swf

It also checks for the following files that have been modified:

/js/mage/adminhtml/uploader/instance.js should contain "fustyFlowFactory"
/skin/adminhtml/default/default/boxes.css should contain "background:url(images/blank.gif) repeat;"

 

Here are some tips:

 

If you get an unexpected result

Using Magento 1?

Please double check these things first:

  1. Are you running multiple Magento installations on the same domain? Due to the way Magento routing works, MageReport cannot distinguish between multiple installations on the same domain. So if you want to test an upgrade, you could put it on its own domain (eg. test.yourdomain.com).
  2. Have the SWF files indeed been removed? If you just copied v1.9.3 over an older version, the old SWF files still exist (and pose a vulnerability)
  3. Do the JS and CSS files indeed contain the required strings? If not, the patch might have quit halfway so you have a half-patched system.
  4. Do you use Varnish, Cloudflare, a CDN or another caching layer? Your old site might have been cached. Flush your cache or wait until your cache expires.
  5. Do you use Magento 1.5? We can only detect proper patch application if you have not removed the uploader.swf by hand. Opposed to the other patches, the Flash file is modified instead of deleted. If you have deleted it yourself (which is quite safe to do anyway), we cannot detect the patch unless we hack your shop. Sorry! (3% of all Magento stores still have 1.5)
  6. Do you rewrite requests based on admin in the URL? Then we cannot properly establish the patch. But if have these security measures in place, you probably do not need Magereport 😉

If you still get unexpected results, please mail your URL to magereport@hypernode.com and we will investigate your case. And hopefully make Magereport better, thanks to your help!

 

------------------------------------------------------------------------------------------------------------------------

 

Did you delete the skin files ? Did you try to find the text in the files above ?

 

Mage reports doesn't "try" the exploid. It just looks for static public files that belong to the "bad code". It's not 100% accurate. If you checked everything and still, it can't detect your patch please mail me: Roger_Keulen@Hotmail.com