osCommerce and osCMax shopping cart software forums

Shopping Cart Software

osCommerce with teeth!

 

Image Validation

This is a discussion on Image Validation within the New osCommerce Contributions forums, part of the osCommerce 2.2 Forums category; Not long ago when password security on our web site accidentally got turned off our web site was hacked by ...


Go Back   osCommerce and osCMax shopping cart software forums > osCommerce 2.2 Forums > New osCommerce Contributions

Image Validation Image Validation

Register FAQ Members List Calendar Mark Forums Read


Free community membership! Fast easy FREE membership
Reply

 

LinkBack Thread Tools
  #1  
Old 06-21-2007, 01:00 PM
michael_s's Avatar
osCMax Developer

  
Join Date: Jul 2002
Location: Phoenix, AZ
Posts: 10,329
Thanks: 68
Thanked 322 Times in 305 Posts
Rep Power: 10
michael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond reputemichael_s has a reputation beyond repute
Post Image Validation
Not long ago when password security on our web site accidentally got turned off our web site was hacked by using a security hole in osCommerce. The hacker uploaded a PHP file to our server by choosing it instead of an image file for one of the categories on our web site using categories maintenance in the admin section. When the "image" was then displayed it loaded the hack onto our server. If osCommerce validated image files like it should then the hacker would never have been able to hack the site.

While osCommerce has the ability to restrict the file types for uploads built in, for some reason it was not used to prevent invalid file types from being uploaded as images in category and product maintenance and in manufacturer maintenance. This simple modification fixes this security flaw by requiring that the image files chosen for categories, products or manufacturers be one of the four types of image files that can universally be displayed by web browsers.

Both instructions and completed PHP files are included in the download.

More...
__________________
Michael Sasek
osCMax Developer

  • osCMax Templates - Hundreds of premium quality templates. New designs every month!

  • xShop for osCMax - Windows Based osCMax administration. Improved workflow, security, speed and convenience.

  • osCMax Hosting - From basic hosting to High Availability, Load Balanced arrays, the most experienced osCMax host.

  • osCMax Template Tutorial - Learn how to make your own custom templates and how to use the powerful features of the osCMax template system.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« At text to Shipping_cart.php | osCommerce Google Analytics module »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads

Thread Thread Starter Forum Replies Last Post
Anti Robot Registration Validation 1.0 + images michael_s New osCommerce Contributions 0 01-21-2007 07:11 AM
Validation in admin chitta_rn osCMax v2 Customization/Mods 0 02-17-2006 06:17 AM
AUTHORIZE.NET VALIDATION FIELDS-HELP whazzy osCMax v1.7 Discussion 0 03-28-2005 06:52 AM
Email validation issue webguy262 osCommerce 2.2 Installation Help 0 06-24-2004 10:20 AM
Zip code files/validation Skidude osCommerce 2.2 Modification Help 0 09-19-2003 07:54 AM


All times are GMT -8. The time now is 11:19 AM.

osCMax Home - Site Map - Top

Powered by vBulletin®
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO
http://www.oscmax.com/forums/
Copyright 2008 osCMax