Find content
Hi all,
Now to something I discovered when installing Moneybookers Credit-card payment.
It seems the payment gateway (skril/moneybookers) is sending back a log.txt file to the Cataloge folder.
This information contains detailed transaction information such as customer/shop email addresses, Shop Moneybookers customer No and secret word etc.
To me it looks totally crazy that this information is stored at the 755 (open) Catalog directory.
As this question is Security related, I posted it here.
Anyone with same experience or advice on how to secure the log.txt file?
Best regards
CrazyP
- osCommerce Support Forum
- → Viewing Profile: Crazypilot
Latest News: (loading..)
Community Stats
- Group Community Member
- Active Posts 60 (0.02 per day)
- Most Active In General Support (26 posts)
- Profile Views 3,401
- Age Age Unknown
- Birthday Birthday Unknown
-
Real Name
Hans Wiren
-
Gender
Male
0
Neutral
Friends
Crazypilot hasn't added any friends yet.
Latest Visitors
Topics I've Started
Monebookers giving away information?
25 October 2011, 11:18
News Ticker Ajax does not load at Index.php
23 October 2011, 17:51
Hi all,
Hopefully someone can help me with following Ajax News ticker problem.
I have installed the add-on ok, but the ticker line
does NOT start scrolling as it seems stuck on loading content.
Pls Check www.securiled.com
However, if I navigate to another page, then it starts and functions 100%.
Anyone that can help to figure out why the ticker get's stuck only on the entry-page?
Add-on download: http://addons.oscommerce.com/info/5590
Best regards
CrazyP
Hopefully someone can help me with following Ajax News ticker problem.
I have installed the add-on ok, but the ticker line
does NOT start scrolling as it seems stuck on loading content.
Pls Check www.securiled.com
However, if I navigate to another page, then it starts and functions 100%.
Anyone that can help to figure out why the ticker get's stuck only on the entry-page?
Add-on download: http://addons.oscommerce.com/info/5590
Best regards
CrazyP
Found security break in Visitor Web Stats
21 October 2011, 06:12
Hi all,
I have found following info about a weakness in Visitor Web Stats that can allow Malicious injections.
http://archives.neohapsis.com/archives/bugtraq/2010-05/0271.html
Is current Add-on properly updated or what need to be changed to secure the script?
Best regards
CrazyP
I have found following info about a weakness in Visitor Web Stats that can allow Malicious injections.
http://archives.neohapsis.com/archives/bugtraq/2010-05/0271.html
Is current Add-on properly updated or what need to be changed to secure the script?
Best regards
CrazyP
- osCommerce Support Forum
- → Viewing Profile: Crazypilot
- Forum Rules
