Hi there,
I just found out about the OpenCart ecommerce script and heard mixed reviews about security issues. How many of you guys out there run a pretty large site with OC and haven't had any security issues?
There was one problem with version 1.18. It was not a major security problem.
That's it out of all the releases!
There are no security problems with opencart!
It's probably the most secure cart out there!
Where are these reviews?
It seems that the same security issue is spread among thousands of sites.
I was actually told about the problem by the person that put the alert out 1 month before he made the problem known to the security sites.
OpenCart®
Project Owner & Developer.
Just looking at some security web sites, there are 100s of security problems that have been reported with osCommerce, CubeCart, Zen Cart, Magento and PrestaShop.
Here's a nasty one for Prestashop:
http://xforce.iss.net/xforce/xfdb/47158
Magento:
http://www.molotovbliss.com/blog/magent ... erability/
osCommerce:
http://www.securiteam.com/unixfocus/6O00C1P95E.html
ZenCart:
http://www.securityfocus.com/bid/15690/exploit
OpenCart®
Project Owner & Developer.
Daniel, we know the others are buggy and have lots of holes, so I don't think 'slagging' them off is appropriate.
Think it's more important to concentrate on opencart and not the others.
I have done a search; the only problems I can find all look towards version 1.1.8, and that hole has now been fixed.
What about this one? http://www.juniper.net/security/auto/vu ... 34724.html That's the only link I can find that's a slightly different report to the others.
Please read: Upgrading from versions previous to 1.2.9 is not possible.
If you run a store on version 1.2.9 you first need to upgrade to 1.3.0 and then to 1.3.2. To do this follow the instructions found in the various chapters on this page.
OpenCart 1.4.7 and later comes with an upgrade script. Follow these instructions for Upgrading to 1.4.7 or later. The upgrade script can be used to upgrade your site from as far back as 1.3.2.
Norman in 't Veldt
Moderator OpenCart Forums
_________________ READ and Search BEFORE POSTING _________________
Our FREE search: Find your answer FAST!.
[How to] BTW + Verzend + betaal setup.
Yes, there is a CSRF possibility, and it's not an easy fix; the token system was added to several places in every single admin file, so you'll either have to upgrade or live with the security vulnerability.
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
Xsecrets wrote: yes there is a CSRF possibility, and it's not an easy fix; the token system was added to several places in every single admin file, so you'll either have to upgrade or live with the security vulnerability.
Tho the url class existed there so it would be a lot less work. But still better to upgrade.
maxila wrote: I am familiar with php, if you tell me where is the problem I could be able to fix it myself. if you wish please PM me detail. thanks.
If you'll just search the forums for CSRF you will find it.
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
Actually, if you get the old "extension.zip" pack from here:
http://code.google.com/p/opencart/downloads/list
There is a file called CSRF or oc_csrf.zip in there. That has the steps needed to add a token system using the url class. It was for 1.4.0 I believe, but if you know php you might be able to figure out how to add it to 1.2.9
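For readers who want to see what a token system of the kind discussed in the posts above looks like, here is an added sketch; it is not OpenCart's code or the contents of oc_csrf.zip, and the names issue_admin_token, AdminUrl and admin_token_valid are hypothetical. It shows a per-session token appended to every admin link by a URL builder and checked on every admin request.

```php
<?php
// Added illustration, not OpenCart code; all names below are hypothetical.

// Issue one random token per admin session, right after a successful login.
function issue_admin_token(array &$session): string {
    $session['token'] = bin2hex(random_bytes(16));
    return $session['token'];
}

// URL builder that appends the session token to every admin link it produces.
final class AdminUrl {
    private string $base;
    private string $token;
    public function __construct(string $base, string $token) {
        $this->base = $base;
        $this->token = $token;
    }
    public function link(string $route, array $params = []): string {
        // array_merge: the session token always wins over a caller-supplied 'token'.
        $query = array_merge(['route' => $route], $params, ['token' => $this->token]);
        return $this->base . '?' . http_build_query($query);
    }
}

// Gate run at the top of every admin request, before any state change.
function admin_token_valid(array $session, array $query): bool {
    if (empty($session['token']) || !isset($query['token']) || !is_string($query['token'])) {
        return false;
    }
    return hash_equals($session['token'], $query['token']); // constant-time compare
}

// Constructed demo: plain arrays stand in for $_SESSION and $_GET.
$session = [];
$url = new AdminUrl('https://shop.example/admin/index.php', issue_admin_token($session));
$link = $url->link('catalog/product/delete', ['product_id' => 42]);

parse_str((string) parse_url($link, PHP_URL_QUERY), $own);
$forged = ['route' => 'catalog/product/delete', 'product_id' => '42']; // no token
$wrong = $forged + ['token' => str_repeat('0', 32)];

var_dump(admin_token_valid($session, $own));    // link built by AdminUrl
var_dump(admin_token_valid($session, $forged)); // request without a token
var_dump(admin_token_valid($session, $wrong));  // request with a wrong token
```

Because the token travels in the URL it can show up in server logs, browser history and Referer headers, so it should be regenerated at each login and discarded with the session.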