TulipTools Internet Business Owners and Online Sellers Community

Full Version: Security Alert: creLoaded <= 6.15 (HTMLAREA) Automated Perl Exploit
Security hole found in osCommerce branch CRELoaded

Quote: Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell.

full article and code: http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5921&title=creLoaded%20%3C=%206.15%20(HTMLAREA)%20Automated%20Perl%20Exploit
Security concerns are part of the reason I skipped right by osCommerce when I selected a shopping cart.
[quote author=valleygirl link=topic=2363.msg8424#msg8424 date=1138346831]
Security concerns are part of the reason I skipped right by osCommerce when I selected a shopping cart.
[/quote]

The software itself isn't the problem, it's the end user that is the security concern because many people don't bother to (or don't know to) install security patches as soon as they are released... and when you're using a very popular script like osC that can be a very costly mistake.