vmn Posted November 7, 2014

Sorry, a post by mistake.

vmn (Author) Posted November 7, 2014

Hi,

when googling the topic above, I found e.g. this: http://www.exploit-db.com/exploits/34582/ . Would someone like to comment on this? Most of the things pointed out are related to the admin directory, some to the catalog.

Thanks,
Veli-Matti

oscMarket Posted November 7, 2014

I do not see any related to the catalog. I am in fact surprised that a protected area is marked as vulnerable. It is like I give you my bank card + PIN code, and you say to me: I can steal your money?

Ha yes, shopping_cart very vulnerable:

Open browser A (let's say IE), add stuff to the cart...
Open browser 2 and put this URL in browser 2:
localhost/osCommerce-234/product_info.php?products_id=1{4}3{3}6&action=remove_product
(we get the message that the product is removed from the cart)
Refresh IE ...... ohhhhhhhh: is it removed now? No....

The exploit reporting is CRAP

vmn (Author) Posted November 7, 2014

Thanks, at least these were pointing to catalog:

- Remove any item from cart
  localhost/osc/oscommerce-2.3.4/catalog/shopping_cart.php?products_id=[iD]&action=remove_product
- Add item to cart
  localhost/osc/oscommerce-2.3.4/catalog/product_info.php?products_id=[iD]&action=add_product
- Remove address book entry
  localhost/osc/oscommerce-2.3.4/catalog/address_book_process.php?delete=1

Gigglery Posted November 19, 2014

Hi, my security software discovered a couple of XSS vulnerabilities in 2.3.4. I guess wHiTeHaT mentioned one with the shopping_cart in his post above. Here it is:

Below are the summarized results of our scan for cross-site scripting vulnerabilities on your site.

URL:http://www.domain.com/products_new.php?action=buy_now&products_id=50
Cross site scripting vulnerability found in args:action,products_id

URL:http://www.domain.com/shopping_cart.php?products_id=58&action=remove_product
Cross site scripting vulnerability found in args:action,products_id

How to fix all those issues or who can help as I am not a programmer? Thanks!

oscMarket Posted November 19, 2014

Somehow I think these are just posted here to put osCommerce in the Google search results as vulnerable.

♥joli1811 Posted November 19, 2014

No known vulnerabilities up to today!! So a bit more info is needed.

"Below are the summarized results of our scan for cross-site scripting vulnerabilities on your site."
args:action,products_id

Never seen before, what is that??

Regards
Joli

To improve is to change; to be perfect is to change often.

Gigglery Posted November 19, 2014

> Somehow i think these are just posted here to put osCommerce in the Google search results as vulnerable.

Not funny. This is exactly what I am trying to avoid. My impression was that Google has its own scanning device and does not rely on third-party input or questions on forums....

Anyway, do you know how to fix it?

burt Posted November 19, 2014

@Gigglery you need to provide more than "summarized results". I also want to know the precise software/service used to scan your site and its version number.

Gigglery Posted November 19, 2014

> No known vulnerabilities up to today !! So a bit more info is needed
> "Below are the summarized results of our scan for cross-site scripting vulnerabilities on your site."
> args:action,products_id
> never seen before what is that??
> Regards Joli

I was told by a security guy that their software scans parts of the code, not the whole thing at once, and that is why sometimes it does not see affected files and produces an OK result. On other days the test fails.

Gigglery Posted November 19, 2014

> @Gigglery you need to provide more than "summarized results". I also want to know the precise software/service used to scan your site and it's version number.

Summarized results is all I got. I use SiteLock. Not sure about the version. I just checked the site again, they showed 12 more vulnerabilities. Will need to talk to them probably.

burt Posted November 19, 2014

Yes you will need to talk to them, summarized results is useless to you.

♥joli1811 Posted November 19, 2014

Ran a test of osCommerce 2.3.4 with SiteLock a few weeks ago. The only problem was an addon, which was an easy quick fix (int).

SiteLock was installed as part of the hosting package, with a dashboard which allowed me to see the exact files involved.

Maybe if you check in your control panel you can access more detailed info!

oscMarket Posted November 19, 2014

Perhaps these forms are missing the session tokens, not sure.

shopping_cart.php:

    <?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_SHOPPING_CART, 'action=update_product')); ?>

The parameter true is missing. To see how this form line should be built, check contact_us.php:

    <?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send'), 'post', 'class="form-horizontal"', true); ?>

    // Output a form
    function tep_draw_form($name, $action, $method = 'post', $parameters = '', $tokenize = false) {
      global $sessiontoken;

      $form = '<form name="' . tep_output_string($name) . '" action="' . tep_output_string($action) . '" method="' . tep_output_string($method) . '"';

      if (tep_not_null($parameters)) $form .= ' ' . $parameters;

      $form .= '>';

      if ( ($tokenize == true) && isset($sessiontoken) ) {
        $form .= '<input type="hidden" name="formid" value="' . tep_output_string($sessiontoken) . '" />';
      }

      return $form;
    }

I must admit I am not sure if these clear out the mentioned vulnerabilities.

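Added example (not part of the thread and not osCommerce code): a hidden formid field only helps if the handler compares it with the session's copy before acting, so this sketch shows that server-side check together with validation of products_id. The function names, the POST-only rule and the id pattern (modelled on the 1{4}3{3}6 URL quoted earlier in the thread) are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not osCommerce code.

// Per-session random token, the role $sessiontoken plays in tep_draw_form().
function new_session_token(): string {
    return bin2hex(random_bytes(16));
}

// Accept only ids shaped like the thread's examples: 58 or 1{4}3{3}6.
function valid_products_id(string $id): bool {
    return preg_match('/^\d+(\{\d+\}\d+)*$/', $id) === 1;
}

// Decide whether a state-changing cart request may run.
// $post and $session stand in for the POST body and the server-side session.
function may_change_cart(string $method, array $post, array $session): bool {
    if ($method !== 'POST') return false;            // no changes via plain links
    if (!isset($post['formid'], $session['token'])) return false;
    if (!is_string($post['formid'])) return false;
    // Constant-time comparison of the submitted token with the session copy.
    if (!hash_equals($session['token'], $post['formid'])) return false;
    return isset($post['products_id'])
        && is_string($post['products_id'])
        && valid_products_id($post['products_id']);
}

// Constructed sample requests (not taken from any scan report).
$session = ['token' => new_session_token()];
$cases = [
    'link from another site (GET)' => ['GET',  ['products_id' => '1{4}3{3}6']],
    'POST without formid'          => ['POST', ['products_id' => '1{4}3{3}6']],
    'POST with wrong formid'       => ['POST', ['products_id' => '58', 'formid' => 'guess']],
    'POST with markup in the id'   => ['POST', ['products_id' => '58"><script>', 'formid' => $session['token']]],
    'form rendered by the shop'    => ['POST', ['products_id' => '1{4}3{3}6', 'formid' => $session['token']]],
];
foreach ($cases as $label => [$method, $post]) {
    $ok = may_change_cart($method, $post, $session);
    // Escape anything request-derived before echoing it back.
    $id = htmlspecialchars($post['products_id'], ENT_QUOTES, 'UTF-8');
    printf("%-30s id=%-30s %s\n", $label, $id, $ok ? 'allowed' : 'rejected');
}
```

Only the last case is allowed; the others are rejected before any cart change would run.
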
Gigglery Posted November 19, 2014

> Ran a test oscommerce 2.3.4 with site lock few weeks ago only prob was an addon which was an easy quick fix (int)
> Site lock was installed as part of the hosting package with a dashboard which allowed to see the exact files involved
> Maybe if you check in your control panel you can access more detailed info!

The files involved are products_new.php and shopping_cart.php. Can you see more info than just file names?

Gigglery Posted November 19, 2014

@wHiTeHaT, thanks! Will take a look.

vmn (Author) Posted November 20, 2014

@wHiTeHaT: my intention was/is to get more info about osCommerce security. I did not find any earlier comments on these "vulnerabilities" I pointed out in the 2nd post.

Gigglery Posted November 20, 2014

SiteLock refused to go into details and explain the issue. They said the summary report is all I get and that is what all their customers get. Unless I want to pay a SiteLock consultant who would go and fix the problem without me ever knowing what was wrong. Great! I guess I am not interested in their services anymore.

@wHiTeHaT: I have corrected it in shopping_cart.php. But someone told me that should not affect anything.

Archived
This topic is now archived and is closed to further replies.