Plasahosting Blogs
Web Hosting murah Indonesia

Zen Cart Security Vulnerability Alert + Patch

June 28th 2009 in News

Zen Cart Security Vulnerability Alert + Patch

Please pardon this mass email. If you are running a Zen Cart store, it’s important that you read this message and take action immediately.

A vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability any attacker must know the URL of your admin section. As our security recommendations point out, you should change the folder that your admin resides in as soon as you installed Zen Cart.

SO — THE FIRST STEP YOU **NEED** TO TAKE is to rename your /admin/ folder!
http://tutorials.zen-cart.com/index.php?article=33

However we realise that relying on this ‘Security through Obscurity’ is not foolproof,
hence the release of a patch, which can be downloaded from the Zen Cart Support forum, here: http://www.zen-cart.com/forum/showthread.php?t=130161

The zip file there contains a readme.html with full details on how to install the security patch files. The security patch uses Zen Cart’s override system to make installation as simple as possible.

The security patch will work for previous versions in the 1.3.x series.

Older releases i.e v1.2.x are no longer supported and the patch has not been fully tested on those versions, however some parts of the patch should still work with v1.2.x (again see the readme.html file). However we strongly advise anyone using the 1.2.x versions to upgrade to 1.3.8 as soon as possible.

The Zen Cart Team takes security matters very seriously. But security is only as good as those who follow posted recommendations. Please apply the appropriate patches and security measures promptly, for your own benefit.

SUMMARY: Your Action Steps are:

1. RENAME YOUR ADMIN FOLDER !!!!!
Yes, if you haven’t already renamed your /admin/ folder, do it NOW!
Instructions can be found here: http://tutorials.zen-cart.com/index.php?article=33

2. APPLY THE SECURITY PATCH !!!
http://www.zen-cart.com/forum/showthread.php?t=130161

3. Subscribe yourself to the Zen Cart Announcements mailing list:
http://www.zen-cart.com/forum/subscription.php?do=addsubscription&f=2

4. Keep your site’s Zen Cart software up-to-date at all times. Numerous bugs, improvements, and security fixes are included in every new release. It is in your best interests to remain current.
http://www.zen-cart.com/forum/forumdisplay.php?f=2

Sincerely,
The Zen Cart Team




required



required - won't be displayed


Your Comment:




Tidak terasa plasahosting sudah 5 tahun melayani public dengan menjual Domain Hosting dan Webdesign.
Banyaknya hambatan dan cobaan yang sudah dilalui. Pahit manis perjalanan menjadikan modal kami memperbaiki layanan ke pelanggan.

Apa yang baru di tahun ke 5 ini :

– Bandwidth setiap paket lebih besar.
– Penambahan paket Hosting baru.
– Menu Renew hosting dan Upgrade Hosting, harga […]

Previous Entry

Beberapa status code yang sering ditemui saat runtime websites yang menggunakan apache
Kode-kode ini sangat penting untuk diperhatikan mengingat banyaknya webmaster yang tidak paham dengan maksud dari kode yang ditampilkan.

Kode yang sering ditemui salah satunya Error 404 dan Error 403.
Error 404 disebabkan karena file tidak ditemukan/tidak ada/belum diupload.
Kejadian ini juga sering ditampilkan bila menggunakan mod_write di […]

Next Entry