Guest
Posted February 22, 2005

taken from http://www.securiteam.com/windowsntfocus/5VP0S0KEUG.html

Summary

osCommerce is "an online shop e-commerce solution under on going development by the open source community. Its feature packed out-of-the-box installation allows store owners to setup, run, and maintain their online stores with minimum effort and with absolutely no costs or license fees involved." A vulnerability in osCommerce allows a malicious attacker to run Cross Site Scripting attacks on vulnerable systems.

Credit:
The information has been provided by John Cobb.
The original article can be found at: http://www.nobytes.com

Details

Vulnerable Systems:
* osCommerce version 2.2-MS2

Proof of Concept:
Following link will run malicious script:
http://www.victimsite.com/contact_us.php?&...e)%3C/script%3E

Disclosure Timeline:
* 09/02/2005 - Vulnerability discovered
* 09/02/2005 - Informed

Is anyone aware of this yet? What can we do to protect ourselves against abusers of this vulnerability?

-Ethan
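An added example, not part of the original post or the advisory: one way to check web-server access logs for requests of the kind the proof of concept describes, a script tag percent-encoded into the query string of contact_us.php. The log lines are constructed, and the parameter name `x` is a placeholder because the advisory's link is truncated.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (common log format). "x" is a
# placeholder parameter name, not the parameter from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Feb/2005:10:01:02 +0000] "GET /contact_us.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Feb/2005:10:03:44 +0000] "GET /contact_us.php?x=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [22/Feb/2005:10:04:10 +0000] "GET /contact_us.php?x=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [22/Feb/2005:10:05:00 +0000] "GET /index.php?x=%3Cscript%3E HTTP/1.1" 200 900',
    '198.51.100.7 - - [22/Feb/2005:10:06:00 +0000] "GET /contact_us.php?osCsid=abc123 HTTP/1.1" 200 5120',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Opening or closing script tag, as in the advisory's proof-of-concept link.
SCRIPT_TAG_RE = re.compile(r'<\s*/?\s*script\b', re.IGNORECASE)


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines, page="/contact_us.php"):
    """Return (client, decoded_query) for requests to `page` carrying a script tag."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand
        client, target = match.groups()
        parts = urlsplit(target)
        if parts.path != page or not parts.query:
            continue  # other page, or no query string to inspect
        decoded = fully_decode(parts.query)
        if SCRIPT_TAG_RE.search(decoded):
            hits.append((client, decoded))
    return hits


if __name__ == "__main__":
    for client, query in suspicious_requests(SAMPLE_LOG):
        print(client, query)
```
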