Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

2.3.1 Bug?


quetevendo

Recommended Posts

Today I found an article that says it found a bug in version 2.3.1 that allows you to upload files to the administrator as has happened with the version 2.2Rca.

 

Anyone know of this?

 

Article: Bug in 2.3.1?

 

I hope news ...

 

Greetings

Link to comment
Share on other sites

This is the original 0Day

http://www.exploit-db.com/exploits/17285/

The patched $PHP_SELF code in 2.3.1 will redirect this request back to the login.php page if the user is not logged in, rather than allow this POST request to complete. It might work in earlier versions of osCommerce, but it won't work in 2.3.1

 

If you have osC_Sec.php installed or any other addon that catches the occurrence of .php/login then any attempt like the one stated in exploit-db.com will be banned even though the 2.3.1 site code is patched against this.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

In saying all of that, I think this should still be submitted to the developers to look at and make an official statement on the matter.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...