gulftech Posted August 16, 2006 Share Posted August 16, 2006 Recently I discovered a critical sql injection vulnerability in the latest version of osCommerce 2.2 MS2. I am trying to contact the osCommerce developers to let them know about the vulnerability and how to prevent it, but I am not having much luck finding a security contact or any developer info other than the hpdl @ oscommerce email address (I have written this email address and recieved no reply). Anyway, any help in getting some developer contact info would be greatly appreciated as the vulnerable sql statement happens right in the middle of a select query making it pretty easy to get any info from the database (credit card numbers, password hashes, etc) with little effort as long as UNION SELECT functionality is enabled. Also, this vulnerability is in the shopping cart so no special access is needed to exploit the issue. Just a normal customer account ... Kind Regards, James Bercegay Link to comment Share on other sites More sharing options...
Iggy Posted August 16, 2006 Share Posted August 16, 2006 Anyone official going to respond to this here? Iggy Everything's funny but nothing's a joke... Link to comment Share on other sites More sharing options...
gulftech Posted August 16, 2006 Author Share Posted August 16, 2006 Anyone official going to respond to this here? Iggy Hi iggy, Harald has responded to me in private and has already produced a fix. We are also talking about the possibility of setting up a [email protected] email address so that vulnerabilities are easier to handle promptly. Also, while the zen cart sql injection and the oscommerce sql injection are similar they are not the same. So no zen cart exploits (which are now publicly available) will work on osCommerce. Also, I plan on keeping details private until a patch is released (which would be soon since a fix has already been created) so shop owners are at no great risk. Kind Regards, James Bercegay Link to comment Share on other sites More sharing options...
jasonabc Posted August 16, 2006 Share Posted August 16, 2006 James - thanks very much for your efforts in bringing this vulnerability to the attention of the OSC team and the wider community - much appreciated. Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix Link to comment Share on other sites More sharing options...
Iggy Posted August 16, 2006 Share Posted August 16, 2006 I give that the official Iggy "Sweet Sauce?" Award! Thanks James and Harald! Looking forward to it! Iggy Everything's funny but nothing's a joke... Link to comment Share on other sites More sharing options...
Guest Posted September 20, 2006 Share Posted September 20, 2006 any update to a patch for this Vulnerability? Link to comment Share on other sites More sharing options...
jhande Posted September 22, 2006 Share Posted September 22, 2006 Also, I plan on keeping details private until a patch is released (which would be soon since a fix has already been created) so shop owners are at no great risk. If I was hanging by my neck from a tree I'd be stiff by now. If I was stomped grapes, I'd be wine on a dinner table. What's the news on a patch release? :-" - :: Jim :: - - My Toolbox ~ Adobe Web Bundle, XAMPP & WinMerge | Install ~ osC v2.3.3.4 - Link to comment Share on other sites More sharing options...
Jan Zonjee Posted September 22, 2006 Share Posted September 22, 2006 If I was hanging by my neck from a tree I'd be stiff by now.If I was stomped grapes, I'd be wine on a dinner table. What's the news on a patch release? Ever considered reading the News and Announcements forum once in a while? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.