Monday, 7 January 2013

[EN] osCommerce 2.3.3 Exploited

I found few bugs in latest version of popular osCommerce.

Here for now will be presented only persistent XSS bug and information disclosure.

It's good practice to remember that in case of information disclosure bugs we don't need any 'error displaying'. So it will be good idea to set it to "Off" in your php.ini file.

osCommerce 2.3.3 after XSS attack

This screen presents xss for logged in user.

No comments:

Post a Comment

What do You think...?