I did another scan (I had more time now) and it now found twice as many security errors!
What I did:
I downloaded the latest v3 version from here:
http://www.oscommerce.com/about/news,137
Did a fresh install, new DB, new subdomain.
Added the sample data.
After this I scanned it with Acunetix Web Vulnerability Scanner and it found the following security errors:
The scan time was:
1 hour and 8 minutes
It found:
284 - Cross Site Scripting vulnerabilities
1 Interspire FastFind Cross-Site Scripting Vulnerability
and 1 broken link
A detailed report (in PDF format) can be downloaded here:
http://www.multiupload.com/HGTRCCSCMX
I hope this is useful and can be fixed soon!
Security on V3
Started by IndoExport, Sep 25 2010, 09:32
26 replies to this topic
#21
Posted 09 April 2011, 11:18
#22
Posted 09 April 2011, 11:29
Probably best you just paste the report in here rather than putting it up for download in that manner.
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here
#23
Posted 09 April 2011, 11:41
Taipo, on 09 April 2011, 11:29, said:
Probably best you just paste the report in here rather than putting it up for download in that manner.
And I can delete it whenever I want so it's "safe"
Edited by nielss, 09 April 2011, 11:42.
#24
Posted 09 April 2011, 12:05
Hi Niels..
Do any of the links in the report actually do anything? I tried several and nothing happened.
Kind regards,
Edited by Harald Ponce de Leon, 09 April 2011, 12:06.
Harald Ponce de Leon
osCommerce, Sell With Emotion
#25
Posted 09 April 2011, 12:19
Harald Ponce de Leon, on 09 April 2011, 12:05, said:
Hi Niels..
Do any of the links in the report actually do anything? I tried several and nothing happened.
Kind regards,
I haven't tried any of them because I am not at home at the moment so can't "deep test" them. But maybe some of them are false positives
edit:
after testing I think it's the program that is giving the false positives.... maybe it isn't working very well with php 5.x lol
Edited by nielss, 09 April 2011, 12:29.
#26
Posted 09 April 2011, 13:02
It looks to me like it's mostly centered around this:
http://www.somesite.com/somecall=%22%20onmouseover%3dprompt%28949088%29%20bad%3d%
#27
Posted 09 April 2011, 13:27
A whitelist GET filter would stop this:
http://www.yoursite.com/index.php?onmouseover=prompt("XSS")&
But this would bypass it:
http://www.yoursite.com/index.php/"onmouseover=prompt("XSS")&
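Added example (my own code, not osCommerce's and not from any poster in this thread) showing what the two URLs in the post above do to a whitelist GET filter. The filter drops the first URL's parameter because `onmouseover` is not an allowed name; the second URL carries the same text in the path, which PHP exposes as PHP_SELF and which a page reflects into its form action, so a filter that only reads the query string never sees it. Attribute-encoding the reflected value handles both, and it also covers the `" onmouseover=... bad="` shape of the Acunetix payload quoted two posts up. The allow list, the form template and the table of attributes the template writes are constructed assumptions; the two URLs are copied from the post.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit

# Both URLs exactly as they appear in the post above.
QUERY_URL = 'http://www.yoursite.com/index.php?onmouseover=prompt("XSS")&'
PATH_URL = 'http://www.yoursite.com/index.php/"onmouseover=prompt("XSS")&'

# Constructed assumption: the GET parameter names a catalog page accepts.
ALLOWED_PARAMS = {"cPath", "products_id", "page"}

# Constructed assumption: the attributes our template itself writes per tag.
EXPECTED_ATTRS = {"form": {"action", "method"}, "input": {"type", "name", "value"}}


def query_params(url):
    """All GET parameters of the URL, unfiltered."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def whitelist_get_filter(url):
    """The 'whitelist GET filter' from the post: keep only parameters whose
    name is on the allow list. It inspects the query string and nothing else."""
    return {k: v for k, v in query_params(url).items() if k in ALLOWED_PARAMS}


def php_self(url):
    """Approximates $_SERVER['PHP_SELF']: the percent-decoded request path,
    including whatever follows index.php (the PATH_INFO part)."""
    return unquote(urlsplit(url).path)


def render_form(url, use_whitelist, encode):
    """Constructed osCommerce-style template: a form posting back to PHP_SELF
    with the current GET parameters carried as hidden fields. `encode` applies
    HTML attribute encoding (quote=True turns '"' into &quot;)."""
    params = whitelist_get_filter(url) if use_whitelist else query_params(url)
    enc = (lambda s: html.escape(s, quote=True)) if encode else (lambda s: s)
    out = ['<form action="%s" method="get">' % enc(php_self(url))]
    for name, value in params.items():
        out.append('<input type="hidden" name="%s" value="%s">' % (enc(name), enc(value)))
    out.append("</form>")
    return "".join(out)


class _AttrCollector(HTMLParser):
    """Records every (tag, attribute) pair the way a browser-side parser sees it."""

    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.extend((tag, name) for name, _ in attrs)


def unexpected_attributes(markup):
    """Attributes the template never wrote. Any entry means a reflected value
    closed its quoted attribute and injected its own (e.g. an onmouseover)."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return [(tag, name) for tag, name in parser.seen
            if name not in EXPECTED_ATTRS.get(tag, set())]


if __name__ == "__main__":
    for url in (QUERY_URL, PATH_URL):
        print(url)
        print("  params after whitelist:", whitelist_get_filter(url))
        print("  reflected PHP_SELF:    ", php_self(url))
        for label, wl, enc in (("no filter, no encoding", False, False),
                               ("whitelist only", True, False),
                               ("whitelist + encoding", True, True)):
            injected = unexpected_attributes(render_form(url, wl, enc))
            print("  %-22s -> injected attributes: %s" % (label, injected))
```

The "whitelist only" row shows the post's point: the first URL is stopped, the second is not, because its payload never passes through the query string. The "whitelist + encoding" row is the fix a defender actually wants, since encoding at the point of reflection does not care which request field the value came from.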