Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Exploit OSC-1001


myforum

Recommended Posts

Hello,

 

I have a old OSC version and I use the addon Administration Access Level. Now I have the problem that you can see with the url "...myshop.com/admin/orders.php/login.php" my order view and this without a correct login. So you can see my orders without login. So this is a security problem. A friend told me that under http://svn.oscommerce.com/jira/browse/OSC-1001 is a solution. There is code but I don't know where I add this code.

 

I hope you can help me how i can fix this problem.

 

Thank you.

Link to comment
Share on other sites

There are a lot of security measures to be taken to secure osc and it's not just that exploit that needs closing. Read the 'How to secure your site' thread and apply all the measures listed.

www.jyoshna.com. Currently using OsC with STS, Super Download Store, Categories Descriptons, Manufacturers Description, Individual Item Status, Infopages unlimited, Product Sort, Osplayer with flashmp3player, Product Tabs 2.1 with WebFx Tabpane and other bits and pieces including some I made myself. Many thanks to all whose contributions I have used!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...