rbartz Posted December 16, 2009 Share Posted December 16, 2009 A few days ago hackers found a way into osC 2 that will allow them to write executable files on the host server. Obviously, this is potentially a huge problem. I discovered it when Google alerted me that one of my sites was hosting a phishing program. I found the method they used to install the files and fixed my sites temporarily. I watched for the last 24 hours for something about this vulnerability to be here, but nothing has come up yet. Who should I try to alert to this problem? I do not want to reveal here how it is done as it could open up a lot of stores to hackers. Richard Link to comment Share on other sites More sharing options...
rbartz Posted December 16, 2009 Author Share Posted December 16, 2009 Ok, sorry to reply to myself, but on further research I see it is a not a new problem. Only thing that amazes me is that no one is alerting folks about it... Closely Related: http://www.oscommerce.com/forums/topic/348589-serious-hole-found-in-oscommerce/ My advice is that you had better protect your sites TODAY! R Link to comment Share on other sites More sharing options...
Guest Posted December 16, 2009 Share Posted December 16, 2009 Richard, I think that EVERY security issue has been addressed at some point. But always good to keep an eye out for updates. Chris Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.