osCommerce/OSC Feedback Form Exploit info

  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5731
  • Loc: Sub-level 28

Post 3+ Months Ago

As the topic of securing forms, captcha, and mail header injection has come up relatively often recently, and also given the popularity of osCommerce, I figured it'd be worth posting about this here.

I received a security email from OSCMax today regarding a security issue relating to all versions of osCommerce that allows mail headers to be injected into the feedback for.

Here's the info and fix.


Post Information

  • Total Posts in this topic: 1 post
  • Users browsing this forum: No registered users and 2 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum

© 1998-2017. Ozzu® is a registered trademark of Unmelted, LLC.