osCommerce denial of service vulnerabilities

by Mario Miri on April 24th, 2003

It has been reported that an attacker is able to trigger a denial of service attack on a server running osCommerce software. Due to a bug in some PHP pages of the software, supplying a malformed URI could trigger a denial of service condition on the underlying MySQL and HTTP servers.


Vulnerable:
osCommerce 2.2 cvs


Exploit / Proof of concept:
http://download.xatrix.org/prf/oscomerce.txt


Solution:
Currently there are no vendor supplied patches.


Discovered by:
Lorenzo Hernandez Garcia-Hierro, [email protected]

