SecurityGeek Posted February 3, 2014
Hello, I would like to report a 0day vulnerability that works on the latest version of osCommerce, 2.3.3.4. I don't want to disclose more information here in public before applying a fix. Can you advise where I can send the security report? I cannot find a free way to contact support. Thanks, #Ahmed Aboul-Ela
burt Posted February 4, 2014
The vulnerability is confirmed. I'd like to thank Ahmed Aboul-Ela @SecurityGeek for bringing this to our attention prior to making it public. Fix: https://github.com/gburton/oscommerce2/commit/e4d90eccd7d9072ebe78da4c38fb048bfe31c902
burt Posted February 4, 2014
Guys, I think this is serious enough to have updated over 40 shops this morning. Highly suggest that you make the same change as outlined in the link above, and do it NOW.
greasemonkey Posted February 4, 2014
done and done... Thank you @burt @SecurityGeek
♥14steve14 Posted February 4, 2014
I have noticed that the same code is in both early and late versions of osCommerce, so I assume that most stores will need amending. Is this the case?
REMEMBER BACKUP, BACKUP AND BACKUP
burt Posted February 4, 2014
"ALL stores will need amending NOW"
I fixed your quote ;)
♥14steve14 Posted February 4, 2014
All done. Thanks for the heads up.
mhsuffolk Posted February 4, 2014
Done mine. Thanks @burt and @SecurityGeek
Live shop Phoenix 1.0.8.4 on PHP 7.4. Working my way up the versions.
MrPhil Posted February 4, 2014
So, is there a preferred channel for reporting such things? I realize there is a lot of crap out there breathlessly reporting horrendous security exposures on decade-old osC versions, which you probably don't want to wade through.
quetevendo Posted February 4, 2014
"So, is there a preferred channel for reporting such things? I realize there is a lot of crap out there breathlessly reporting horrendous security exposures on decade-old osC versions, which you probably don't want to wade through."
This Channel?
quetevendo Posted February 4, 2014
Already 18 repair shops. Thank you!
burt Posted February 4, 2014
"So, is there a preferred channel for reporting such things? I realize there is a lot of crap out there breathlessly reporting horrendous security exposures on decade-old osC versions, which you probably don't want to wade through."
A message to @Gergely or @burt would do it, but only for 2.3 shops onwards.
burt Posted February 6, 2014
If anyone would like to read more on this, please view this blog post from @SecurityGeek. Anyone on Twitter might also like to follow https://twitter.com/_SecGeek
Jack_mcs Posted February 7, 2014
I'm curious as to what I am missing here? What makes this a serious problem? If the admin is password protected, this exploit can't be used, at least that I can see. If a hacker can get by the password protection, there would be much more serious problems. And, of course, if the admin was named something else, it would all but eliminate this possibility even if it worked without logging in. I'm not saying it shouldn't be fixed and it is good that it was reported. I'm just wondering what I am missing that seems to make this much of a threat.
Taipo Posted February 8, 2014
You are quite correct, Jack. It will only affect those not employing htaccess on their admin directories where the admin directory is discoverable. So it's not going to be a ground-breaking security issue as was the case with previous admin exploits.
Archived
This topic is now archived and is closed to further replies.