Comments on: OpenCart CSRF Vulnerability

By: Which shopping cart / ecommerce platform to choose? | DEEP in PHP

Which shopping cart / ecommerce platform to choose? | DEEP in PHP — Thu, 03 Feb 2011 00:34:21 +0000

[...] OpenCart : security issues and not a great support from the main developer. See here and here. [...]

By: A look inside a coder’s ego | Zapotek's train of thought…

A look inside a coder’s ego | Zapotek's train of thought… — Wed, 08 Sep 2010 01:23:30 +0000

[...] asshole will reply like this. (These links prompted me to write this [...]

By: Should We Use OpenCart? | Made of Everything You're Not | Eric Lamb

Should We Use OpenCart? | Made of Everything You're Not | Eric Lamb — Tue, 25 May 2010 07:17:17 +0000

[...] another war going on between Daniel and a developer who found some pretty nasty CSRF issues. Again, Daniel showed his ass (along with a good helping of ignorance mixed with arrogance this time) with nothing being [...]

By: Coffee To Code » Blog Archive » Humble Helps

Coffee To Code » Blog Archive » Humble Helps — Mon, 24 May 2010 06:43:39 +0000

[...] just ran across a post at PreachSecurity about a recent CSRF discovered in OpenCart, and a blog post by the discoverer about his interactions with the maintainer. I share Rafal’s (and Ben’s) frustration [...]

By: Ben Maynard

Ben Maynard — Tue, 09 Feb 2010 03:02:50 +0000

Since this discussion is starting to turn ugly and nothing productive will come out of it, I have disabled comments on this article.

By: Yakiv

Yakiv — Tue, 09 Feb 2010 01:47:10 +0000

@Harre Bellefon – Blogexecute is not my friend, number 1. As for the rest of what you said, you are making gross generalizations which are pathetic and have no substance. What is funny is that you were so compelled to respond to me here. Maybe you’re one of the idiots I have ripped over there. Get a life.

By: Ben Maynard

Ben Maynard — Mon, 08 Feb 2010 23:40:04 +0000

@Harre,

I have shared the source code, it is hosted on GitHub – http://github.com/bmaynard/OpenCart-Secured. You can download source/view all the changes I have made. If you mean share my changes with Daniel, then I offered to help fix the problem but he wasn’t interested.

By: Harre Bellefon

Harre Bellefon — Mon, 08 Feb 2010 21:06:13 +0000

Well Yakiv, I’m glad that you have found your way here, I hope that Ben will read on the OC forums what your main type of responce is when you don’t get what you want. You are nothing but a little kid, screaming and shouting when it does not gets its candy. I’m wondering when your friend Blogexecute will show up here.

@Ben, sorry your not sharing your code.

By: Ben Maynard

Ben Maynard — Mon, 08 Feb 2010 16:46:45 +0000

@Harry,

I will be maintaining the forked version at the present time and will continue to support it for as long as possible. I have just posted on the thread that I saw with some information but I have offered to share the fix but the developer is not interested.

@Yakiv,

The only updates I will be doing to the fork is security updates and will not add new features/improve the project as I don’t like 90% of the code. I wish to create my own e-commerce application but I have to try and find time to do this so will have to see how that goes.

By: Yakiv

Yakiv — Sat, 06 Feb 2010 20:10:41 +0000

@Ben, I was alerted to this post by another member of the forums on OpenCart.com. I will keep an eye on the thread. In general, I find Daniel to be very likable, so this blog post (with comments) is a bit surprising. However, his global moderators are allowed to act like arrogant jerks, delete posts without explanation, ban useful members, etc. The community there is horrible. …If you do truly fork OpenCart, I mean as a full-fledged open source project, please let me know. I do like OpenCart very much, but there are some basic flaws that prevent me from using it in production, namely the fact that there is no true modularity to the plugins. The process of installing and maintaining plugins and the core code base is down-right insane and I am not prepared to have regular migraines from using the software with customers.