GulfTech Discussion Forum
Welcome to GulfTech Research And Development Discussion Forum
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

osCommerce SQL Injection && DoS && Cross Sit

 
   Reply to topic    GulfTech Discussion Forum Forum Index -> Security
View previous topic :: View next topic  
Author Message
JeiAr
Site Admin



Joined: 26 Nov 2021
Posts: 207

Posted: Fri Dec 19, 2021 7:05 pm    Post subject: osCommerce SQL Injection && DoS && Cross Sit

By this monday I will be posting more osCommerce vulns I have found. Both MS1 and MS2 are affected. The effect on MS1 is critical, and the effect on MS2 is moderate. I will also post a link to a patch. That is the reason for the wait, developers will be getting ready a patch this weekend.


So be prepared to patch this coming week Details will be available on my website www.gulftech.org by monday, and I will get around to posting a link here eventually.
_________________
GulfTech Research And Development
Back to top
Send private message Yahoo Messenger
ComSec
Lurker



Joined: 30 Mar 2022
Posts: 6

Posted: Sun Dec 19, 2021 4:14 pm    Post subject:

take it you know about the new sploit that bypass cc details ?...not many do
_________________
.:
Back to top
Send private message
JeiAr
Site Admin



Joined: 26 Nov 2021
Posts: 207

Posted: Sun Dec 19, 2021 4:47 pm    Post subject:

Yeah, I talked to the guy that found it. I think everyone knew about his all alone, ut for some reason he was the first to see it as a security hazard. Good spot by him and hopefully the developers fix it soon.
_________________
GulfTech Research And Development
Back to top
Send private message Yahoo Messenger
ComSec
Lurker



Joined: 30 Mar 2022
Posts: 6

Posted: Sun Dec 19, 2021 6:11 pm    Post subject:

ok they accept the details at the check out... but sure the cc will block it before good are dispatched with that dodge cc number and inform the law

i wonder how many fools try get goods from it.... idiots if they try using it for fraud...only have them selves to blame if they get raided

my advice.... stay clear
_________________
.:
Back to top
Send private message
scorpius
Techie



Joined: 26 Sep 2021
Posts: 58
Location: the netherlands

Posted: Mon Dec 20, 2021 12:41 am    Post subject:

ComSec --> from GSO??

if so, then please tell me what has happened to it, since no one is able to get to the forums anymore the last couple of days....
_________________
I'm not a complete idiot, some parts are missing....

http://www.white-scorpion.nl
Back to top
Send private message
ComSec
Lurker



Joined: 30 Mar 2022
Posts: 6

Posted: Mon Dec 20, 2021 5:33 am    Post subject:

scorpius...yes GSO has been down all weekend... and unable to get intouch with the managed server till Monday ..

Server side problem

all is back to normal now... so far ?

since we switched servers ...we have had nothing but trouble with them
sorry for the downtime... shit happens
_________________
.:
Back to top
Send private message
scorpius
Techie



Joined: 26 Sep 2021
Posts: 58
Location: the netherlands

Posted: Mon Dec 20, 2021 3:40 pm    Post subject:

well, it is sh*t again at the moment, all seem to work BUT the forums Sad.

let's hope it will be back online soon, i kinda miss it
_________________
I'm not a complete idiot, some parts are missing....

http://www.white-scorpion.nl
Back to top
Send private message
ComSec
Lurker



Joined: 30 Mar 2022
Posts: 6

Posted: Mon Dec 20, 2021 8:51 pm    Post subject:

i know... there dead slow to respond... were still waiting for a reboot... its not good enough... Jeiar sent me a PM with an option... also we have had a few offers to move else where.. and i think we will be soon about time to if you ask me

BTW i only realised who you were today...from your avatar

if you fancy changing your nick to scorpius at GSO..then send me a PM

merry christmas to you all Smile
_________________
.:
Back to top
Send private message
JeiAr
Site Admin



Joined: 26 Nov 2021
Posts: 207

Posted: Tue Dec 21, 2021 8:08 am    Post subject:

Happy Holidays to you guys also Smile
_________________
GulfTech Research And Development
Back to top
Send private message Yahoo Messenger
scorpius
Techie



Joined: 26 Sep 2021
Posts: 58
Location: the netherlands

Posted: Wed Dec 22, 2021 1:36 pm    Post subject:

yes merry christmas to all



ComSec --> perhaps to "white scorpion"

i'll PM you when i have the time (first have to rewrite the source from Cached PasswordDumper to release it, it is a real mess now Sad).
_________________
I'm not a complete idiot, some parts are missing....

http://www.white-scorpion.nl
Back to top
Send private message
Display posts from previous:   
   Reply to topic    GulfTech Discussion Forum Forum Index -> Security All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum