quetevendo Posted March 10, 2015
What about this? http://www.exploit-db.com/exploits/34582/ and http://packetstormsecurity.com/files/128452/Oscommerce-2.3.4-XSS-HPP-File-Inclusion.html
I understand that the risk is minimized if the administrator directory is protected, but is it true?
MrPhil Posted March 10, 2015
Further discussion: http://www.oscommerce.com/forums/topic/398400-vulnerabilities-in-234/?hl=exploit-db#entry1708006. It sounds like "security" firms go around claiming massive vulnerabilities, and you should use their expen$ive product instead, or pay them a lot of money to fix your site for you. Some of these vulnerabilities may have actually existed in older osC versions, and they just updated their list to say "2.3.4" rather than actually investigating whether the vulnerability still exists. Don't totally ignore these warnings, as some may be valid, but don't panic over them either.
BrockleyJohn Posted March 10, 2015
> What about this? http://www.exploit-db.com/exploits/34582/ and http://packetstormsecurity.com/files/128452/Oscommerce-2.3.4-XSS-HPP-File-Inclusion.html
> I understand that the risk is minimized if the administrator directory is protected, but is it true?
The second one demonstrates the importance of deleting the catalog/install directory as soon as you've run it for the initial set up.
Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x
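A post-installation audit covering the two points raised in this thread (the leftover install directory and the protected admin directory), as an added example that is not part of the original posts or of osCommerce itself. It assumes the admin directory is named `admin` and is protected with Apache `.htaccess` authentication, and it goes one step beyond the thread by also checking that `configure.php` is not group- or world-writable.

```shell
#!/bin/sh
# Added example: post-install audit of an osCommerce 2.3.x catalog directory.
# Assumed, not from the thread: admin directory name (default "admin") and
# Apache .htaccess basic auth as the protection mechanism.

audit_osc_store() {
    catalog=$1; admin=${2:-admin}; findings=0

    # 1. The installer must be deleted once the initial setup has run.
    if [ -d "$catalog/install" ]; then
        echo "FAIL: $catalog/install still exists"
        findings=$((findings + 1))
    fi

    # 2. The admin directory should require authentication at the web server.
    ht="$catalog/$admin/.htaccess"
    if ! { [ -f "$ht" ] && grep -Eiq '^[[:space:]]*AuthType[[:space:]]' "$ht" \
                        && grep -Eiq '^[[:space:]]*Require[[:space:]]' "$ht"; }; then
        echo "FAIL: $catalog/$admin has no AuthType/Require in .htaccess"
        findings=$((findings + 1))
    fi

    # 3. configure.php holds database credentials: no group/other write bit.
    for cfg in "$catalog/includes/configure.php" \
               "$catalog/$admin/includes/configure.php"; do
        [ -f "$cfg" ] || continue
        if [ -n "$(find "$cfg" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL: $cfg is group- or world-writable"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ] && echo "OK: no findings"
    return "$findings"
}

# Constructed sample tree: a fresh install that was never cleaned up.
demo=$(mktemp -d)
mkdir -p "$demo/install" "$demo/admin/includes" "$demo/includes"
touch "$demo/includes/configure.php" && chmod 666 "$demo/includes/configure.php"
audit_osc_store "$demo" || echo "findings: $?"
rm -rf "$demo"
```

The function's exit status is the number of findings, so it can gate a deployment step or run from cron against the live catalog path.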
tgely Posted March 10, 2015
Always follow the osCommerce official instructions: http://library.oscommerce.com/Online&en&oscom_2_3&getting_started&post_installation
osCommerce based shop owner with minimal design and focused on background works. When the less is more. Email management with tracking pixel, package management for shipping, stock management, warehouse management with bar code reader, parcel shops management on 3000 pickup points without local store.
quetevendo (Author) Posted March 10, 2015
Thanks!
♥kymation Posted March 10, 2015
> The second one demonstrates the importance of deleting the catalog/install directory as soon as you've run it for the initial set up.
Why does the osCommerce installer not do this automatically?
Regards
Jim
See my profile for a list of my addons and ways to get support.
tgely Posted March 12, 2015
Hi Jim, let's go!
♥kymation Posted March 12, 2015
Go where?
Regards
Jim
tgely Posted March 12, 2015
To develop a new install as you like. :)
♥kymation Posted March 12, 2015
Do you have access to add a new version to the downloads page? If not, I fail to see the point.
Regards
Jim
tgely Posted March 12, 2015
I did not have a driving licence when I was sixteen, but now I have. I wasn't able to walk when I was born, but later I could run... No problem, it was your wish and not mine. I won't prevent you from getting it. o:)
This topic is now archived and is closed to further replies.