2009/07/19

osCommerce Admin Authentication Compromised

Filed under: osCommerce — eCartz @ 21:33

Jan Zonjee recently reported that an exploit has been found in osCommerce’s admin authentication.  The osCommerce team recommends that shop owners rename their admin directory and switch to Apache’s Basic Authentication.  For people who do this, they also suggest some code changes to allow the osCommerce admin authentication scheme to auto-login someone who already authenticated with Apache.

Update:  I’ve now seen a specific exploit for this.  That one worked by compromising the File Manager tool.  The fix for that is easy.  Remove the File Manager tool from your admin.  You can do this by deleting the file admin/file_manager.php — that’s sufficient to close the security hole.  If you want to make the file manager stop appearing in the Tools menu, also delete

    '<a href="' . tep_href_link(FILENAME_DEFINE_LANGUAGE) . '" class="menuBoxContentLink">' . BOX_TOOLS_DEFINE_LANGUAGE . '</a><br>' .
    '<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .

from admin/includes/boxes/tools.php and delete the file admin/define_language.php as well.
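
A quick way to confirm the steps above have been applied to a shop, written as a shell function. This is an added example, not code from the original post or from osCommerce; the function name audit_admin and its output format are made up for illustration, and the .htaccess check assumes Basic Authentication is configured per-directory.

```sh
#!/bin/sh
# Added example (not from the post): report which remediation steps are still pending.
# Usage: audit_admin <shop_root> [admin_dir_name]   (name defaults to "admin")
# Returns 0 when nothing is left to fix, 1 when findings remain, 2 on bad input.
audit_admin() {
    root=$1
    admin=${2:-admin}
    dir="$root/$admin"
    findings=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi

    # Recommended: rename the admin directory.
    if [ "$admin" = "admin" ]; then
        echo "FINDING: admin directory still has the default name"
        findings=$((findings + 1))
    fi

    # Files the post says to delete.
    for f in file_manager.php define_language.php; do
        if [ -e "$dir/$f" ]; then
            echo "FINDING: $admin/$f is still present"
            findings=$((findings + 1))
        fi
    done

    # Tools-menu entries the post says to remove.
    box="$dir/includes/boxes/tools.php"
    for c in FILENAME_FILE_MANAGER FILENAME_DEFINE_LANGUAGE; do
        if [ -f "$box" ] && grep -qF "tep_href_link($c)" "$box"; then
            echo "FINDING: $admin/includes/boxes/tools.php still links $c"
            findings=$((findings + 1))
        fi
    done

    # Assumption: Basic Authentication is set per-directory in .htaccess.
    # It may live in the server config instead, so this is only a note.
    if ! grep -qi 'AuthType[[:space:]]*Basic' "$dir/.htaccess" 2>/dev/null; then
        echo "NOTE: no 'AuthType Basic' found in $admin/.htaccess"
    fi

    [ "$findings" -eq 0 ]
}

# Run as a script: sh audit.sh /path/to/shop admin
if [ "$#" -gt 0 ]; then audit_admin "$@"; fi
```

Pass the renamed directory as the second argument once the admin directory has been moved.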
