
contact_us.php Form Hijacked Best Fix ?


JohnDet


Dear Board,

the contact_us.php form on our site has been compromised by hackers, to send out spam emails.

Our host advised:

We were actually just about to contact you about this issue. It appears that a contact form on your site has been compromised by spammers. This is due to the fact that the contact form is insecure and allows spammers to place code into the form, making our mailservers send out all the spam emails.

This results in our mailservers getting banned by certain ISPs for sending spam. In particular, AOL blocked our mailservers. This then causes major problems for other clients as legitimate emails fail due to the blocks.

We urgently need you to ensure that your contact forms on all your websites are secure and cannot be exploited.

Is the best fix for this the one from the contributions section:

Fix for osCommerce "Contact_us" Cross Site Scripting Vulnerability.

A vulnerability was reported in osCommerce, which can be exploited by attackers to conduct Cross Site Scripting attacks. The problem resides in the "contact_us.php" file when handling the "enquiry" parameter, which may be exploited to cause arbitrary scripting code to be executed by the user's browser.

This contribution gives a fix for this vulnerability.

Any advice appreciated

John Det

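As an added example (not osCommerce code and not the contribution named in the post), this is the server-side check a defender would put in front of the mailer: it rejects line breaks in any field that reaches a mail header, which is what lets a contact form be turned into a spam relay, and escapes the enquiry before it is echoed back, which is the XSS issue the contribution addresses. The field names name, email and enquiry are assumed to mirror the form.

```php
<?php
// Added example, not osCommerce code nor the contribution named in the post.
// The field names (name, email, enquiry) are assumed to mirror the contact form.
// Returns a list of error messages; an empty list means the input may be mailed.
function validate_contact_input(array $post): array
{
    $errors  = [];
    $name    = trim((string) ($post['name'] ?? ''));
    $email   = trim((string) ($post['email'] ?? ''));
    $enquiry = trim((string) ($post['enquiry'] ?? ''));

    // Values that end up in mail headers (From:, Reply-To:) must never hold a
    // line break: a CR or LF there lets the sender append headers of their own.
    foreach (['name' => $name, 'email' => $email] as $field => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $errors[] = "$field: line breaks are not allowed";
        }
    }
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'name: required, at most 100 characters';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    if ($enquiry === '' || strlen($enquiry) > 4000) {
        $errors[] = 'enquiry: required, at most 4000 characters';
    }
    return $errors;
}

// Escape the enquiry before it is echoed back into the page, so any markup in
// it is shown as text rather than interpreted by the browser.
function escape_enquiry(string $enquiry): string
{
    return htmlspecialchars($enquiry, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submissions (not real traffic).
$legit  = ['name' => 'Jane', 'email' => 'jane@example.com', 'enquiry' => 'Do you ship to Ireland?'];
$forged = ['name' => "Jane\r\nX-Extra: header", 'email' => 'jane@example.com', 'enquiry' => 'hi'];

// The forged submission is rejected because its name carries a line break.
foreach (['legit' => $legit, 'forged' => $forged] as $label => $input) {
    $errors = validate_contact_input($input);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'ok', "\n";
}
echo escape_enquiry('<b>hello</b>'), "\n";
```

Keeping the visitor's address out of the From: header altogether (a fixed From:, the address placed in the body or in Reply-To only after this check passes) removes the header-injection surface entirely.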


The best fix you'll find is with the latest osC update, here.
