The Cart Blog

Sunday, March 13, 2011

Zen Cart Security – are you up to date?

Filed under: Security,That Software Guy,Zen Cart — thatsoftwareguy @ 12:43 pm

If you’re running a version of Zen Cart prior to 1.3.9, you must must must apply the known critical patches for your Zen Cart version.  I came across a site just this weekend that had the earliest version of this hack I had ever seen.  Going to Admin->Extras->Record Companies showed this in the right-hand sidebar:

Pressing the edit button on this shows that it’s not an image at all, but rather a PHP file called “own.php”:

This was done 6/25/09, and the announcement of the vulnerability was made 06/19/09.
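A triage check for the kind of planted file described above, as an added example that is not part of the original post: it walks a store's image folder and flags files with a script extension, image files whose leading bytes do not match their extension, and any file containing a PHP open tag. The folder path and the extension list are assumptions; adjust them to your install and server configuration.

```python
import os
import sys

# Leading bytes of the image types a cart's image folder normally holds.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Extensions a PHP-enabled server may execute (assumed list; match your server config).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def inspect_file(path):
    """Return the reasons a file looks suspicious (empty list means it looks fine)."""
    reasons = []
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    # Check every dotted part so both "own.php" and "logo.php.jpg" are caught.
    if any(part in SCRIPT_EXTS for part in name.split(".")[1:]):
        reasons.append("script extension in file name")
    with open(path, "rb") as fh:
        data = fh.read(1024 * 1024)  # the first 1 MiB is enough for a triage pass
    if ext in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append("content does not match image extension")
    if b"<?php" in data.lower():
        reasons.append("contains PHP open tag")
    return reasons


def scan_images(root):
    """Walk root and return {relative_path: [reasons]} for each suspicious file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = inspect_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


if __name__ == "__main__":
    # Usage: python scan_images.py /path/to/store/images  (path is an assumption)
    root = sys.argv[1] if len(sys.argv) > 1 else "images"
    for rel, why in sorted(scan_images(root).items()):
        print(f"{rel}: {'; '.join(why)}")
```

A hit is a reason to inspect the file by hand and check its timestamp against the vulnerability announcement date, not proof of compromise on its own.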

The best way to prevent this from happening to you is to upgrade to the latest version of Zen Cart!

It’s very important to stay on top of Zen Cart Security Announcements.  Follow that link and then click on the link that says “Click here to subscribe to these announcements.”

And while you’re at it, subscribe to That Software Guy’s Zen Cart Newsletter.  I nag people to stay on top of things like this!

Tuesday, March 18, 2008

The weirdest sanction yet

Filed under: Business,Security — thatsoftwareguy @ 10:13 am

TJ Maxx is being ordered to hold a one-day “we got hacked” sale as part of their punishment for lax data security.  Tip to shoppers: pay with cash. :)

Saturday, March 1, 2008

First reported security flaw in Interspire Shopping Cart

Filed under: Cart Vendors,Security — thatsoftwareguy @ 11:05 am

Interspire (formerly StoreSuite) was found to have an XSS vulnerability.  It takes time to armor against these things; hopefully they’re doing that now.
