Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

New Vulnerabilities


Guest

Recommended Posts

Hello every one sorry i dont knwo if it is new or not or if everyone know anything about it or no any way check this link

K-otik

and this is an example

 

this is an exampl

http://www.yoursite.com/catalog(or where ever your package is installed/contact_us.php?&name=1&email=1&enquiry=%3C/textarea%3E%3Cscript%3Ealert('w00t');%3C/script%3E

Link to comment
Share on other sites

I suggest everyone disable the contact us or do something else i dont know i am working on it see if i can find a solution for it but in the mean time watch out because i test it and it worked

Link to comment
Share on other sites

Hello Hamed,

 

Please explain what this vulnerability does, why it is important to store owners, and also how it could be used to comprise the website.

 

Keep in mind that this is a loaded question since I already know the answer...I just want to know if you do as your recommendation seems a bit harsh.

 

Bobby

Link to comment
Share on other sites

ok fair enough if you know the answer then good luck other wise contact my via pm then, but it will let the attacker to use the code and run a remote code on your website which will lead the attacker to for example download your database or damage your data and keep in mind i test it on my test website and it did work.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...