See: http://packetstormsecurity.org/files/109389/OSCommerce-3.0.2-Cross-Site-Scripting.html
OSCommerce v3.0.2 - Persistent Cross Site Vulnerability
Started by Taipo, Feb 03 2012, 23:38
4 replies to this topic
#1
Posted 03 February 2012, 23:38
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here
#2
Posted 04 February 2012, 00:02
Hi Te..
Thanks for bringing this to our attention. A fix has just been pushed to the repo at:
https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df
This will appear in v3.0.3.
Kind regards,
Harald Ponce de Leon
osCommerce, Sell With Emotion
#3
Posted 04 February 2012, 10:40
I notice the downloads page still doesn't have a warning on it
http://www.oscommerce.com/solutions/downloads
Just had yet another customer who had downloaded it and was trying to use it live.
It just gives osc a bad reputation!!
Cheers
G
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.
#4
Posted 04 February 2012, 10:47
At least it looks like osc is being developed without the warning. It doesn't matter that people new to osc are downloading it, finding it doesn't work and going somewhere else.
REMEMBER BACKUP, BACKUP AND BACKUP
I am not a coder. OSC has a steep learning curve, but in general the program does work. If it doesn't work, the chances are it is something you have done.
#5
Posted 04 February 2012, 10:55
LOL
I do hope that is a tongue in cheek comment!!
G
Edited by geoffreywalton, 04 February 2012, 10:55.