
osCommerce

The e-commerce.

2.3.4 bug?


quetevendo


Further discussion: http://www.oscommerce.com/forums/topic/398400-vulnerabilities-in-234/?hl=exploit-db#entry1708006. It sounds like "security" firms go around claiming massive vulnerabilities, and you should use their expen$ive product instead, or pay them a lot of money to fix your site for you. Some of these vulnerabilities may have actually existed in older osC versions, and they just updated their list to say "2.3.4" rather than actually investigating whether the vulnerability still exists. Don't totally ignore these warnings, as some may be valid, but don't panic over them either.


What about this? http://www.exploit-db.com/exploits/34582/ and http://packetstormsecurity.com/files/128452/Oscommerce-2.3.4-XSS-HPP-File-Inclusion.html

I understand that the risk is minimized if the administrator directory is protected, but is that true?

 

The second one demonstrates the importance of deleting the catalog/install directory as soon as you've run it for the initial set up.

Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released.

Looking for a payment or shipping module? Maybe I've already done it.

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x
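The two checks raised in the posts above (installer removed after setup, admin directory protected), written as an added example that is not part of the thread or of osCommerce itself. It assumes the default layout (`install` and an admin directory directly under the catalog directory) and Apache-style `.htaccess` authentication; the function name and finding labels are made up for this sketch.

```shell
#!/bin/sh
# Added example, not osCommerce code. Assumed layout: <catalog>/install and
# <catalog>/<admin>, with Apache-style .htaccess protection on the admin tree.

# audit_catalog CATALOG_DIR [ADMIN_NAME]
# Prints one finding per line. Returns 0 = clean, 1 = findings, 2 = bad input.
audit_catalog() {
    catalog=$1
    admin=${2:-admin}          # pass the new name if the admin dir was renamed
    status=0

    if [ -z "$catalog" ] || [ ! -d "$catalog" ]; then
        echo "error: catalog directory not found: $catalog" >&2
        return 2
    fi

    # The installer must be gone once the initial setup has been run.
    if [ -e "$catalog/install" ]; then
        echo "INSTALL_PRESENT $catalog/install"
        status=1
    fi

    # The admin tree should demand authentication before any script runs.
    if [ ! -d "$catalog/$admin" ]; then
        echo "error: admin directory not found: $catalog/$admin" >&2
        return 2
    fi
    htaccess="$catalog/$admin/.htaccess"
    # Heuristic: an uncommented AuthType line. Protection configured in the
    # main server config instead of .htaccess will be reported here too.
    if [ ! -f "$htaccess" ] ||
       ! grep -Eiq '^[[:space:]]*AuthType[[:space:]]+[^[:space:]]' "$htaccess"; then
        echo "ADMIN_NO_HTACCESS_AUTH $catalog/$admin"
        status=1
    fi

    return $status
}

# Usage: sh audit.sh /path/to/catalog [admin_dir_name]
if [ "$#" -gt 0 ]; then
    audit_catalog "$@"
fi
```

Run it from cron or a deployment hook so that a re-uploaded `install` directory is reported instead of sitting unnoticed.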


Always follow the osCommerce official instructions..

http://library.oscommerce.com/Online&en&oscom_2_3&getting_started&post_installation

 

 

:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email management with tracking pixel, package management for shipping, stock management, warehouse management with bar code reader, parcel shops management on 3000 pickup points without local store.


The second one demonstrates the importance of deleting the catalog/install directory as soon as you've run it for the initial set up.

 

Why does the osCommerce installer not do this automatically?

 

Regards

Jim

See my profile for a list of my addons and ways to get support.


Hi Jim,

 

let's go!


to develop new install as you like. :)


I did not have a driving licence when I was sixteen but now I have..
I wasn't able to walk when I was born but later I could run..

..

 

No problem, it was your wish and not mine. I won't prevent you from getting it. o:)

 

 


Archived

This topic is now archived and is closed to further replies.
