Shopping cart other than OSCommerce?

Jorge Biquez jbiquez at intranet.com.mx
Tue Dec 7 22:11:10 UTC 2010


At 04:04 p.m. 07/12/2010, you wrote:
>On Tue, 07 Dec 2010 15:32:06 -0600
>Jorge Biquez <jbiquez at intranet.com.mx> articulated:
>
> > At 03:01 p.m. 07/12/2010, Chuck Swiger wrote:
> > >On Dec 7, 2010, at 12:36 PM, Jorge Biquez wrote:
> > > > With a provider where I had a dedicated server, not running
> > > > FreeBSD, the entire server was hacked and before leaving them, the
> > > > tech support people said that the hacking was because of a problem
> > > > with some libraries under PHP AND OSCOMMERCE. They never could
> > > > prove that but I left them since the entire server was hacked, no
> > > > information stolen but ONLY that all web pages (.html, .php)
> > > > were changed, all under different domains and account
> > > > jailed (?) using CPANEL. Anyway. I am not sure how sensible is
> > > > OSCommerce to that since I know it is very popular but I would
> > > > like to test something else.
> > >
> > >30 seconds with a Google search suggests that osCommerce has
> > >unpatched security vulnerabilities which do lead to compromise of
> > >admin and arbitrary PHP code execution:
> > >
> > >   http://secunia.com/advisories/product/1308/
> > >
> > >"Affected By    7 Secunia advisories
> > >                 44 Vulnerabilities
> > >
> > >Unpatched       29% (2 of 7 Secunia advisories)
> > >
> > >Most Critical Unpatched
> > >The most severe unpatched Secunia advisory affecting osCommerce 2.x,
> > >with all vendor patches applied, is rated Highly critical."
> > >
> > >   http://secunia.com/advisories/33446/
> > >
> > >"1) The application allows users to perform certain actions via HTTP
> > >requests without performing any validity checks to verify the
> > >requests. This can be exploited to e.g. create additional
> > >administrator accounts by tricking an administrative user into
> > >visiting a malicious web site.
> > >
> > >2) An error in the authentication mechanism can be exploited to
> > >bypass authentication checks and gain access to the administrative
> > >interface in the "admin/" folder.
> > >
> > >Successful exploitation allows to upload and execute arbitrary PHP
> > >code e.g. via the file_manager.php script."
> > >
> > >In other words, your former site's tech support people were likely
> > >right-- the site was almost certainly hacked because of
> > >osCommerce.  Find something else, preferably something which is not
> > >based upon PHP.
> >
> > Thanks for the time and rapid response Mr Chuck.
> >
> > Yes. Seems like the guilty one was OSCommerce. I am looking exactly
> > for another option, as you say maybe not PHP ones, and that's why I asked
> > for advice based on experiences of what people are using. I am looking
> > for a Python option also. My needs are very simple, even a catalog of
> > products without the shopping cart will be enough. I am also looking for
> > options that let you add modules. I want to continue using FreeBSD,
> > continue learning and also solve a personal need.
> > Of course the idea is not to start a war between PHP lovers and any
> > other language, but options and suggestions are very welcome. Anyway.
> > I will continue searching. And when I find the solution I will post it
> > here, maybe it could be of help to someone.
> >
> > By the way. It is great to receive advice from people like you all
> > guys. I have been on the list for several years and I always learn
> > something, always.
>
>Seriously, have you tried Googling for a potential solution? I just
>spent a few minutes and found several candidates.
>
>--
>Jerry ✌
>FreeBSD.user at seibercom.net
>
>Disclaimer: off-list followups get on-list replies or get ignored.
>Please do not ignore the Reply-To header.
>__________________________________________________________________



Hello.
I have found several already with Google.... just not sure what path to
follow and that's why I wanted to know what suggestions others have on what
they are actually using under FreeBSD. Of course there are several ones,
some look very good and promising.... yes.

Thanks in advance

Jorge Biquez


