No subject


Thu Nov 23 16:34:03 EST 2017


===================
What is osCommerce?

osCommerce is the leading Open Source online shop e-commerce solution
that is available for free under the GNU General Public License. It
features a rich set of out-of-the-box online shopping cart functionality
that allows store owners to set up, run, and maintain their online stores
with minimum effort and with no costs, license fees, or limitations
involved.

The goal of the osCommerce project is to continually evolve by
attracting a community that supports the ongoing development of the
project at its core level and extensively through contributions to
provide additional functionality to the already existing rich feature
set.

The services provided on the network of osCommerce support sites are
continually improved to match the growing community the project has
attracted in its 5 years of operation. Today, this community consists of
over 62,000 store owners, developers, designers, and enthusiasts, and
over 2,700 community made contributions that help make the project
succeed.

===================
SECNAP has not attempted to compromise any of these sites, nor attempted
to obtain any information behind authorization from any of these sites,
and this is just for informational purposes.

inurl:"extras/update.php" intext:mysql.php -display

Or for example for secnap.com:
site:www.secnap.com inurl:"extras/update.php" intext:mysql.php -display
(we don't use oscommerce, insert your company's URL if you suspect they
use oscommerce)

If you or a site you are selling products through runs oscommerce, all
your data, your system, your files, your account numbers, clients'
information, and possibly credit card numbers are at risk.

If you have compromised client personal private information, and live in
a state that mandates disclosure, you must inform the affected clients.
If your whole database has been downloaded, you may be required to make
a public disclosure.

NO fix has been offered by the original security researcher, nor does it
look like they informed oscommerce about this, but since this was posted
on bugtraq, many 'curious' people will be looking to see what they can
find.

Immediate action is required to prevent future disclosure.

Oscommerce may offer a fix in the future, so check with their web site.]
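
Added example, not part of the original message and not SECNAP's or osCommerce's code: a way for a store owner to review their own web server access log for requests to the extras/update.php path named in the search query above. The combined log format, the sample log lines and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Path taken from the search query in the message above.
EXPOSED_PATH = "extras/update.php"

# Assumed format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop the query string, decode %-escapes, collapse slashes, lowercase."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/{2,}", "/", path).lower()

def find_hits(lines):
    """Return {client: [(time, method, target, status), ...]} for the script."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        if normalise(m["target"]).endswith("/" + EXPOSED_PATH):
            req = (m["time"], m["method"], m["target"], int(m["status"]))
            hits[m["host"]].append(req)
    return dict(hits)

def served(hits):
    """Clients that got a 2xx answer, i.e. the script was present and answered."""
    return sorted(h for h, reqs in hits.items()
                  if any(200 <= r[3] < 300 for r in reqs))

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [23/Nov/2017:16:40:01 -0500] "GET /catalog/extras/update.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/Nov/2017:16:40:09 -0500] "POST /catalog/extras/update.php?x=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [23/Nov/2017:17:02:44 -0500] "GET /shop//extras/%75pdate.php HTTP/1.1" 404 210 "-" "curl/7.55"',
    '192.0.2.15 - - [23/Nov/2017:17:05:10 -0500] "GET /catalog/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, reqs in find_hits(SAMPLE).items():
        print(host, reqs)
    print("served with 2xx:", served(find_hits(SAMPLE)))
```

A client listed by served() reached a copy of the script that is still on the server; clients that only received 404 were probing for it.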




More information about the Snort-sigs mailing list