Archived

This topic is now archived and is closed to further replies.

IndoExport

Security on V3

It looks to me like it's mostly centered around this:

http://www.somesite.com/somecall=%22%20onmouseover%3dprompt%28949088%29%20bad%3d%


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

A whitelist GET filter would stop this:

http://www.yoursite.com/index.php?onmouseover=prompt("XSS")&

But this would bypass it:

http://www.yoursite.com/index.php/"onmouseover=prompt("XSS")&


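The point of the second post is that the bypass URL carries its payload in the path, not in the query string, so a filter that only inspects $_GET never sees it. The script below is an added illustration written for this thread; it is not code from the poster, from osCommerce or from osC_Sec, and the function names (get_whitelist_ok, request_ok, render_form_safe, analyse) and the two request arrays are constructed for the demonstration. It assumes PHP 7 or later and models how a page that echoes PHP_SELF into a form action behaves under each URL, with a query-string-only whitelist beside a check that also covers PATH_INFO, and raw output beside attribute-encoded output.

```php
<?php
// Added illustration, not code from the thread, osCommerce or osC_Sec.
// A whitelist over $_GET sees the first URL but not the second, because
// the second carries its payload in PATH_INFO. Encoding output for the
// attribute context closes the hole whichever filter ran.

// Whitelist over the query string only: names must be identifiers and
// values may not contain the characters an attribute injection needs.
function get_whitelist_ok(array $get): bool
{
    foreach ($get as $key => $value) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key)) {
            return false;
        }
        if (!preg_match('/^[A-Za-z0-9_.\- ]*$/', (string) $value)) {
            return false;
        }
    }
    return true;
}

// Hardened check: the same whitelist, plus the request path that the
// query-string-only filter never looks at. Quotes and angle brackets are
// never legitimate in a script path on this site (assumption).
function request_ok(array $get, array $server): bool
{
    if (!get_whitelist_ok($get)) {
        return false;
    }
    $uriPath = (string) parse_url($server['REQUEST_URI'] ?? '', PHP_URL_PATH);
    foreach ([$server['PATH_INFO'] ?? '', rawurldecode($uriPath)] as $part) {
        if (preg_match('/["\'<>]/', $part)) {
            return false;
        }
    }
    return true;
}

// Vulnerable rendering: the script path is echoed raw into an attribute,
// so a double quote in PATH_INFO closes the attribute and starts a new one.
function render_form_vulnerable(string $phpSelf): string
{
    return '<form action="' . $phpSelf . '">';
}

// Hardened rendering: encode for the attribute context. ENT_QUOTES turns
// the double quote into &quot;, so it can no longer close the attribute.
function render_form_safe(string $phpSelf): string
{
    return '<form action="' . htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8') . '">';
}

// Runs both filters and both renderers over one request and reports
// what each would have done. An "onmouseover=" that follows a bare
// double quote in the output is the injected attribute.
function analyse(array $request): array
{
    $get    = $request['get'];
    $server = $request['server'];
    $injected = '/"\s*onmouseover=/i';
    return [
        'get_filter_blocks'       => !get_whitelist_ok($get),
        'hardened_filter_blocks'  => !request_ok($get, $server),
        'raw_output_injected'     => (bool) preg_match($injected, render_form_vulnerable($server['PHP_SELF'])),
        'encoded_output_injected' => (bool) preg_match($injected, render_form_safe($server['PHP_SELF'])),
    ];
}

// Two constructed requests modelled on the URLs in the thread (sample
// values built here, not captured traffic).
$payload  = '"onmouseover=prompt("XSS")';
$requests = [
    'query string (first URL)' => [
        'get'    => ['onmouseover' => 'prompt("XSS")'],
        'server' => [
            'REQUEST_URI' => '/index.php?onmouseover=' . rawurlencode('prompt("XSS")') . '&',
            'PATH_INFO'   => '',
            'PHP_SELF'    => '/index.php',
        ],
    ],
    'path info (second URL)' => [
        'get'    => [],   // nothing after a "?", so $_GET is empty
        'server' => [
            'REQUEST_URI' => '/index.php/' . rawurlencode($payload . '&'),
            'PATH_INFO'   => '/' . $payload . '&',
            'PHP_SELF'    => '/index.php/' . $payload . '&',
        ],
    ],
];

foreach ($requests as $label => $request) {
    echo $label, ":\n";
    foreach (analyse($request) as $check => $result) {
        printf("  %-24s %s\n", $check, $result ? 'yes' : 'no');
    }
}
```

For the first URL the query-string whitelist rejects the value prompt("XSS"), so both filters block it and neither renderer is reached. For the second URL $_GET is empty, so get_whitelist_ok passes it straight through; only the path-aware check blocks it, and only render_form_safe keeps the double quote from closing the action attribute. The takeaway for a filter like osC_Sec is that PATH_INFO and the path part of REQUEST_URI need the same scrutiny as the query string, and that output encoding is the control that does not depend on the filter having anticipated the vector.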