mrgadget
Posted May 13, 2008

Been running my oscommerce shop (http://www.mrgadget.com.au/catalog) for almost 5 years now and I feel very attached to it, especially after all the custom mods and add-ons I have mostly carefully installed. You pros may call it crude, but it's helped me turn over almost $5 million in the last 5 years :P

Not happy with the way that my ISP installed the payment pages - installed them on a different secure server, which meant I had to duplicate all my images, one for the normal server and one for the secure server, every time I uploaded a new product.

I am now thinking of not only fixing this crude install, but also moving to a dedicated web server and upgrading to the latest version of osCommerce.

Your thoughts would be highly appreciated. And if there are any very experienced osCommerce / PHP Developers out there who want to help me with the migration, please PM me. May also need advice on speeding up performance, so perhaps some database tuning too?

Best Regards,
Arnold :)
Director
www.mrgadget.com.au

K3D
Posted May 13, 2008

Upgrade your customer testimonials script IMMEDIATELY. You are leaking your customer details/database to anyone that knows the vulnerability.

mrgadget (Author)
Posted May 13, 2008

> Upgrade your customer testimonials script IMMEDIATELY. You are leaking your customer details/database to anyone that knows the vulnerability.

Hi K3D, are you talking about Security Pro? Is this legit?

K3D
Posted May 13, 2008

> Hi K3D, are you talking about Security Pro? Is this legit?

Search Google for: oscommerce customer testimonials vulnerability

You will find a proof of concept and a sample URL string in order to prove you are vulnerable. Check the contributions area for an updated and security-fixed version of the customer testimonials script.

mrgadget (Author)
Posted May 13, 2008

> Search Google for: oscommerce customer testimonials vulnerability
>
> You will find a proof of concept and a sample URL string in order to prove you are vulnerable. Check the contributions area for an updated and security-fixed version of the customer testimonials script.

Thank you for the feedback K3D, I've just updated with 2.1 :)

Archived
This topic is now archived and is closed to further replies.