Security research finds osCommerce vulnerable to hackers


osCommerce, one of the most widely used e-commerce software packages, which has been on the market for the last twelve years and is used by more than 14000 customers, has been found by researchers to be vulnerable to hackers.

Security researchers at the University of California at Davis have found that, since osCommerce is open source software, it can be hacked easily and vendors can be misled and robbed. Open source software enables any programmer on the net to contribute to it and improve it. This seems to work against it, as it also means that hackers worldwide have easy access to its source code, enabling them to twist or tweak it.

osCommerce enables vendors to manage their online transactions. According to Fangqi Sun, one of the researchers working with Professor Zhendong Su, the software's payment modules are vulnerable to logic attacks, which allow a user to fool the vendor into believing that the payment has already been made, whereas the user can pay less or even nothing. The researchers tried this themselves and succeeded in tweaking the HTTP requests so that they received orders from vendors after paying in US Dollars instead of the marked British Pounds, thereby saving money on the exchange rate. The goods bought, however, were returned to the respective vendors.
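The check whose absence makes this kind of logic attack possible can be sketched as follows. This is an added example, not osCommerce code and not the researchers' own: the order store, the shared secret, the notification fields and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a secret shared between the merchant and the payment processor.
SHARED_SECRET = b"constructed-demo-secret"

# Constructed server-side order records: the merchant's own source of truth.
# Amounts are in minor units (pence/cents) to avoid float rounding.
ORDERS = {"1001": {"amount": 5000, "currency": "GBP"}}


def sign(order_id, amount, currency):
    """HMAC over the reported fields, so a client cannot alter them in transit."""
    msg = f"{order_id}|{amount}|{currency}".encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def verify_payment(note):
    """Return (accepted, reason) for a payment notification dict."""
    try:
        order_id = str(note["order_id"])
        amount = int(note["amount"])
        currency = str(note["currency"])
        signature = str(note["signature"])
    except (KeyError, ValueError, TypeError):
        return False, "malformed notification"

    expected = sign(order_id, amount, currency)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    order = ORDERS.get(order_id)
    if order is None:
        return False, "unknown order"
    # The case described above: a real payment, but in a different currency
    # than the one the order was priced in.
    if currency != order["currency"]:
        return False, "currency mismatch"
    if amount != order["amount"]:
        return False, "amount mismatch"
    return True, "ok"


if __name__ == "__main__":
    for cur in ("GBP", "USD"):  # constructed notifications for order 1001
        note = {"order_id": "1001", "amount": 5000, "currency": cur,
                "signature": sign("1001", 5000, cur)}
        print(cur, verify_payment(note))
```

The order is marked as paid only when the signed notification matches the amount and currency recorded on the server, never values echoed back through the customer's browser.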

The research team has informed the owners of osCommerce about the vulnerabilities and is also helping to patch the software.

