osCmax v2.5 User Manual
Results 1 to 2 of 2

[TiM's osC Solutions] osCommerce Threat Scanner

This is a discussion on [TiM's osC Solutions] osCommerce Threat Scanner within the New osCommerce Contributions forums, part of the osCommerce 2.2 Forums category; Updated to identify a couple of more known threats. Help developing this contribution and fight the evil code out there. ...

      
  1. 03-04-2010, 05:00 AM #1
    michael_s
    michael_s is offline
    osCMax Developer

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    19,907
    Donation Award 
    Rep Power
    568

    Post [TiM's osC Solutions] osCommerce Threat Scanner

    Updated to identify a couple of more known threats.

    Help developing this contribution and fight the evil code out there.

    More...
    Michael Sasek
    osCMax Developer

    osCmax Installation Service     - Have our professionals install osCmax on your server - same day service!
    osCmax 2.5 User Manual - the must have beginners guide to osCmax v2.5

    Stay Up To Date with everything osCMax:
    Free osCmax Newsletters - Security notices, New Releases, osCMax News
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation
  2. 09-08-2010, 01:44 AM #2
    clea023
    clea023 is offline
    Lurker
    Join Date
    Sep 2010
    Posts
    1
    Rep Power
    0

    Default Re: [TiM's osC Solutions] osCommerce Threat Scanner

    terrific contribution! It's been a tremendous help in finding vulnerabilities.

    Any chance future versions will be able to check the real CHMOD status? Scanning through 28 screens (literally) of massively long file locations all followed by [If possible, chmod 644] gets rather rough on the eyes -- difficult to see actual problems.

    I would like to add the left column link so that I don't have to type the file name every time I use the scanner, but there's no way I can let a client see 28 screens of     [If possible, chmod 644] when they login to take care of orders, adjust inventory, view reports, and generally make sure all is happy. All of the files listed are 644 or lower, yet there they are on the list, straining the heck out of my eyes.

    The only thorn not yet fixed is the pesky XSS. I've executed what I THOUGHT were three different fixes for this (including the specific one that threat_scanner.php suggests) and the scanner still shows it as being vulnerable. Is there one SPECIFIC fix it expects to find?
« Email senderror by first or second | Bank Transfer Payment Option »

Similar Threads

  1. [TiM's osC Solutions]
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 01-24-2010, 04:11 PM
  2. [TiM's osC Solutions] osCommerce Threat Scanner
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 01-24-2010, 04:11 PM
  3. [TiM's osC Solutions] SQL-installationsfil
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 12-12-2008, 11:10 AM
  4. [TiM's osC Solutions] SQL-installationsfil
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 02-11-2008, 05:51 PM
  5. OScommerce Security Threat Program/Service Available?
    By stewj1 in forum osCommerce 2.2 Modification Help
    Replies: 1
    Last Post: 12-20-2004, 10:14 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules