Shopping cart other than OSCommerce?

Jorge Biquez jbiquez at intranet.com.mx
Tue Dec 7 21:32:14 UTC 2010


Hello all.

Thanks for the time and rapid response Mr Chuck.

Yes. Seems like the guilty one was osCommerce. I am looking exactly 
for another option, as you say maybe not PHP ones, and that's why I asked 
for advice based on experiences of what people are using. I am looking 
for a Python option also. My needs are very simple; even a catalog of 
products without the shopping cart will be enough. I am also looking 
for options that let you add modules. I want to continue using FreeBSD, 
continue learning and also solve a personal need.
  Of course the idea is not to start a war between PHP lovers and any 
other language, but options and suggestions are very welcome. Anyway, 
I will continue searching. And when I find the solution I will post it 
here; maybe it could be of help to someone.

By the way, it is great to receive advice from people like you all 
guys. I have been on the list for several years and I always learn 
something, always.

Thanks to all

Jorge Biquez

At 03:01 p.m. 07/12/2010, Chuck Swiger wrote:
>On Dec 7, 2010, at 12:36 PM, Jorge Biquez wrote:
> > With a provider where I had a dedicated server, not running
> > FreeBSD, the entire server was hacked and before leaving them, the
> > tech support people said that the hacking was because of a problem
> > with some libraries under PHP AND OSCOMMERCE. They never could
> > prove that but I left them since the entire server was hacked, no
> > information stolen but ONLY that all web pages (.html, .php)
> > were changed, all under different domains and account
> > jailed (?) using CPANEL. Anyway. I am not sure how sensible
> > osCommerce is to that since I know it is very popular but I would
> > like to test something else.
>
>30 seconds with a Google search suggests that osCommerce has 
>unpatched security vulnerabilities which do lead to compromise of 
>admin and arbitrary PHP code execution:
>
>   http://secunia.com/advisories/product/1308/
>
>"Affected By    7 Secunia advisories
>                 44 Vulnerabilities
>
>Unpatched       29% (2 of 7 Secunia advisories)
>
>Most Critical Unpatched
>The most severe unpatched Secunia advisory affecting osCommerce 2.x, 
>with all vendor patches applied, is rated Highly critical."
>
>   http://secunia.com/advisories/33446/
>
>"1) The application allows users to perform certain actions via HTTP 
>requests without performing any validity checks to verify the 
>requests. This can be exploited to e.g. create additional 
>administrator accounts by tricking an administrative user into 
>visiting a malicious web site.
>
>2) An error in the authentication mechanism can be exploited to 
>bypass authentication checks and gain access to the administrative 
>interface in the "admin/" folder.
>
>Successful exploitation allows to upload and execute arbitrary PHP 
>code e.g. via the file_manager.php script."
>
>In other words, your former site's tech support people were likely 
>right-- the site was almost certainly hacked because of 
>osCommerce.  Find something else, preferably something which is not 
>based upon PHP.
>
>Regards,
>--
>-Chuck