osCommerce/OSC Feedback Form Exploit info

  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

As the topic of securing forms, captcha, and mail header injection has come up relatively often recently, and also given the popularity of osCommerce, I figured it'd be worth posting about this here.

I received a security email from OSCMax today regarding a security issue relating to all versions of osCommerce that allows mail headers to be injected into the feedback for.

Here's the info and fix.

http://bugtrack.oscmax.com/view.php?id=79
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

Post Information

  • Total Posts in this topic: 1 post
  • Users browsing this forum: No registered users and 7 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.