OpenCart 1.5.2 Exploits?

Postby disgruntled » Tue May 15, 2012 4:11 pm

Is this valid? http://www.exploit-db.com/exploits/18813/

Someone needs to address this... Making OC look bad which makes us look bad because we use it.
Last edited by i2Paq on Fri May 18, 2012 8:46 am, edited 4 times in total.
Reason: Split and renamed

Re: OpenCart 1.5.2 Bug Thread

Postby bull5-i » Tue May 15, 2012 5:29 pm

disgruntled wrote: Is this valid? http://www.exploit-db.com/exploits/18813/

Someone needs to address this... Making OC look bad which makes us look bad because we use it.

Yeah, they are valid under described configurations.

Re: OpenCart 1.5.2 Bug Thread

Postby Daniel » Thu May 17, 2012 11:55 am

disgruntled wrote: Is this valid? http://www.exploit-db.com/exploits/18813/

Someone needs to address this... Making OC look bad which makes us look bad because we use it.


99% of them are not. The Windows one may be possible. Also, I have added fixes for some of what this guy posted in the SVN.

Just make sure your download directory has the correct permissions of CHMOD 755 and not 777, which is read and write but not execute.
OpenCart®
Project Owner & Developer.
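
The permission advice in the post above, as an added example that is not part of the original thread or OpenCart's own code: the script decodes what modes 755 and 777 grant, then finds and removes write access for other users in a constructed sandbox `download` directory. The function names and the sandbox path are illustrative assumptions.

```shell
#!/bin/sh
# Added example: what modes 755 and 777 grant, and how to find and fix
# world-writable entries. All paths are a constructed sandbox.

# Decode one octal digit (0-7) into its r/w/x triad.
triad() {
    case "$1" in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
    esac
}

# Decode a three-digit mode such as 755 into owner/group/other triads.
decode_mode() {
    m=$1; rest=${m#?}
    printf '%s%s%s\n' "$(triad "${m%??}")" "$(triad "${rest%?}")" "$(triad "${m#??}")"
}

# List everything under $1 that has the other-write bit set (symlinks skipped).
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Drop group and other write access under $1; a 777 directory becomes 755.
harden() {
    find "$1" ! -type l -exec chmod go-w {} +
}

# Constructed demo: a sandbox "download" directory set up the unsafe way.
demo() {
    sandbox=$(mktemp -d)
    mkdir "$sandbox/download" && chmod 777 "$sandbox/download"
    : > "$sandbox/download/file.zip" && chmod 666 "$sandbox/download/file.zip"
    echo "755 = $(decode_mode 755), 777 = $(decode_mode 777)"
    echo "world-writable before:"; world_writable "$sandbox"
    harden "$sandbox"
    echo "world-writable after: $(world_writable "$sandbox" | wc -l | tr -d ' ')"
    rm -rf "$sandbox"
}
demo
```

Run `world_writable` against the real web root first and review the list before calling `harden`, since some hosting setups rely on group write for the web server user.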

OpenCart 1.5.2 Bug Thread

Postby Daniel » Thu May 17, 2012 11:57 am

krokodylowy3 wrote: Exploits successfully attack OC sites (1.5.2.2)

More viewtopic.php?f=161&t=63607
Config.php should be better secured by default.

http://blog.spiderlabs.com/2012/05/hone ... -vuln.html
http://eindbazen.net/2012/05/php-cgi-ad ... 2012-1823/


This is for PHP, not specific to OpenCart. We have no control over the development of PHP, and you're an idiot to suggest this is related to OpenCart.

Re: OpenCart 1.5.2 Bug Thread

Postby heinzchen » Thu May 17, 2012 2:29 pm

Daniel wrote:
krokodylowy3 wrote: Exploits successfully attack OC sites (1.5.2.2)

More viewtopic.php?f=161&t=63607
Config.php should be better secured by default.

http://blog.spiderlabs.com/2012/05/hone ... -vuln.html
http://eindbazen.net/2012/05/php-cgi-ad ... 2012-1823/


This is for PHP, not specific to OpenCart. We have no control over the development of PHP, and you're an idiot to suggest this is related to OpenCart.


Sure, it's NEVER your fault! BTW, who is the real idiot?

Re: OpenCart 1.5.2 Bug Thread

Postby i2Paq » Fri May 18, 2012 8:52 am

heinzchen wrote: Sure, it's NEVER your fault! BTW, who is the real idiot?


Please temper yourself.

If you read what these links are about, it is related ONLY to PHP; that is a server-related part that OpenCart has no control over.
It is a known vulnerability and the official fix is no fix whatsoever. There are better third-party fixes; please use Google or ask your hoster.

Make sure you have set up your file and directory security as advised. There are plenty of topics on how this should be done on our forums.
Norman in 't Veldt
Moderator OpenCart Forums


Re: OpenCart 1.5.2 Bug Thread

Postby heinzchen » Fri May 18, 2012 10:26 am

i2Paq wrote:
heinzchen wrote: Sure, it's NEVER your fault! BTW, who is the real idiot?


Please temper yourself.

If you read what these links are about, it is related ONLY to PHP; that is a server-related part that OpenCart has no control over.
It is a known vulnerability and the official fix is no fix whatsoever. There are better third-party fixes; please use Google or ask your hoster.

Make sure you have set up your file and directory security as advised. There are plenty of topics on how this should be done on our forums.


Daniel wrote: ... and you're an idiot to suggest this is related to OpenCart.


Right, but what do you think of that? I think this is pathetic!

Re: OpenCart 1.5.2 Bug Thread

Postby i2Paq » Fri May 18, 2012 10:49 am

heinzchen wrote:
Daniel wrote: ... and you're an idiot to suggest this is related to OpenCart.


Right, but what do you think of that? I think this is pathetic!


I agree there is a better way of communication.

Don't forget that "we", Moderators and all, see a lot of topics about hacks and other stuff that in the end turn out not to be OpenCart related.

If it is OpenCart related, there is no problem in discussing this; if it is related to parts that are not OpenCart related, then we ask you to discuss this elsewhere, because these forums will be off topic within days.

