Friday, 4 October 2013

[EN] osCommerce Exploited

Hi ;)

During a few projects I sometimes find that customers are using osCommerce
on their servers.

I prepared a small (PoC) tool to automate a little bit the process of password cracking
and exploiting the RCE available in the admin panel (again ;) ).

Like I said, until next week this won't be public, sorry.
Anyway, if you think that you will need it before then (to test your sites or
your customers'), feel free to let me know privately, via email as always.

Have a nice day


  1. And what if you share this information with the osCommerce team to fix the error? Here is the forum:

    Your contribution is appreciated.


  2. What if? Hm... Let me ask you the same question with an ad hoc answer:
    what if I did that a week ago with 2 people mentioned as members of their team and they haven't answered to this day?

    That is one. Second, what if I talked with a user called 'bart' at their 'online chat' and he said that
    because the vuln is in the admin panel they do not take it seriously? ;)

    I think that is the answer to your question.

    Thanks ;)

