Thu Nov 23 16:34:03 EST 2017
What is osCommerce?

osCommerce is the leading Open Source online shop e-commerce solution
that is available for free under the GNU General Public License. It
features a rich set of out-of-the-box online shopping cart functionality
that allows store owners to set up, run, and maintain their online stores
with minimum effort and with no costs, license fees, or limitations

The goal of the osCommerce project is to continually evolve by
attracting a community that supports the ongoing development of the
project at its core level and extensively through contributions to
provide additional functionality to the already existing rich feature

The services provided on the network of osCommerce support sites are
continually improved to match the growing community the project has
attracted in its 5 years of operation. Today, this community consists of
over 62,000 store owners, developers, designers, and enthusiasts, and
over 2,700 community made contributions that help make the project

SECNAP has not attempted to compromise any of these sites, nor attempted
to obtain any information behind authorization from any of these sites,
and this is just for informational purposes.

inurl:"extras/update.php" intext:mysql.php -display

Or for example for secnap.com:

site:www.secnap.com inurl:"extras/update.php" intext:mysql.php -display

(we don't use oscommerce, insert your company's URL if you suspect they

If you or a site you are selling products through runs oscommerce, all
your data, your system, your files, your account numbers, clients'
information, and possibly credit card numbers are at risk.

If you have compromised client personal private information, and live in
a state that mandates disclosure, you must inform the affected clients.

If your whole database has been downloaded, you may be required to make
a public disclosure.

NO fix has been offered by the original security researcher, nor does it
look like they informed oscommerce about this, but since this was posted
on bugtraq, many 'curious' people will be looking to see what they can

Immediate action is required to prevent future disclosure.

Oscommerce may offer a fix in the future, so check with their web site.]
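
A defender-side check for the path named above, added here as an example and not part of the original post: it scans web server access logs in combined format for requests to `extras/update.php` and reports whether the file was actually served and whether the visitor arrived from a Google result. The log lines, function names and field names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
SENSITIVE_SUFFIX = "/extras/update.php"  # path named in the post's search query

def normalize_path(target):
    """Drop the query string, decode %-escapes, lowercase, collapse '//' and '/./'."""
    path = unquote(target.split("?", 1)[0]).lower()
    parts = [p for p in path.split("/") if p not in ("", ".")]
    return "/" + "/".join(parts)

def find_hits(lines):
    """Return one record per request that reached extras/update.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not normalize_path(m["target"]).endswith(SENSITIVE_SUFFIX):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"], "time": m["ts"], "status": status,
            "served": 200 <= status < 300,  # 2xx means the script is reachable
            "from_search": "google." in m["referer"].lower().split("?", 1)[0],
        })
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:00:01 +0000] "GET /catalog/extras/update.php HTTP/1.1" '
    '200 5120 "http://www.google.com/search?q=example" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Jan/2020:10:02:13 +0000] "GET /shop/Extras/update%2Ephp?x=1 HTTP/1.1" '
    '404 310 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2020:10:03:40 +0000] "GET /catalog/index.php HTTP/1.1" '
    '200 9000 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2020:10:04:02 +0000] "POST /catalog/extras//update.php HTTP/1.1" '
    '200 4200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Any record with `served` set to true means the script is still reachable from the web and the store's data should be treated as exposed.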