
Archived

This topic is now archived and is closed to further replies.

SecurityGeek

osCommerce 0day SQL Injection Vulnerability


Hello,

I would like to report a 0day vulnerability that works on the latest version of osCommerce, 2.3.3.4.

I don't want to disclose more information here in public before applying a fix.

Can you advise where I can send the security report? I cannot find a free way to contact support.

Thanks

#Ahmed Aboul-Ela


The vulnerability is confirmed.

I'd like to thank Ahmed Aboul-Ela @SecurityGeek for bringing this to our attention prior to making it public.

Fix:

https://github.com/gburton/oscommerce2/commit/e4d90eccd7d9072ebe78da4c38fb048bfe31c902


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest Responsive osCommerce CE (community edition) here


Guys, I think this is serious enough to have updated over 40 shops this morning. Highly suggest that you make the same change as outlined in the link above, and do it NOW.



I have noticed that the same code is in both early and late versions of osCommerce, so I assume that most stores will need amending. Is this the case?


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life


ALL stores will need amending NOW

I fixed your quote ;)



All done. Thanks for the heads up.



So, is there a preferred channel for reporting such things? I realize there is a lot of crap out there breathlessly reporting horrendous security exposures on decade-old osC versions, which you probably don't want to wade through.


So, is there a preferred channel for reporting such things? I realize there is a lot of crap out there breathlessly reporting horrendous security exposures on decade-old osC versions, which you probably don't want to wade through.

 

This Channel?


So, is there a preferred channel for reporting such things? I realize there is a lot of crap out there breathlessly reporting horrendous security exposures on decade-old osC versions, which you probably don't want to wade through.

 

A message to @Gergely or @burt would do it, but only for 2.3 shops onwards.



If anyone would like to read more on this, please view this blog post from @SecurityGeek

Anyone on Twitter might also like to follow https://twitter.com/_SecGeek



I'm curious as to what I am missing here? What makes this a serious problem? If the admin is password protected, this exploit can't be used, at least that I can see. If a hacker can get by the password protection, there would be much more serious problems. And, of course, if the admin was named something else, it would all but eliminate this possibility even if it worked without logging in. I'm not saying it shouldn't be fixed and it is good that it was reported. I'm just wondering what I am missing that seems to make this much of a threat.


You are quite correct, Jack. It will only affect those not employing htaccess on their admin directories where the admin directory is discoverable.

So it's not going to be a groundbreaking security issue as was the case with previous admin exploits.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes