OSCommerce Session Fixation Vulnerability
There is a flaw in the way OSCommerce handles sessions. When a client visits an OSCommerce web page, the server sends a cookie. That cookie is then the session cookie for every further request. Thus, once the user has logged in, the same cookie is used to authenticate the user. When logging in without cookies...
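
The behaviour described above, where the cookie issued before login goes on to authenticate the user after login, can be modelled next to the usual mitigation of rotating the session ID at login. This is an added example and not OSCommerce code: the `SessionStore` class, its method names and the sample user are hypothetical.

```php
<?php
// Added example: a minimal in-memory model of a session store, not OSCommerce code.
// All class and method names are hypothetical; 'alice' is a constructed sample user.
final class SessionStore
{
    /** @var array<string, array<string, mixed>> session ID => session data */
    private array $sessions = [];

    // First visit: the server issues an unauthenticated session ID (the cookie value).
    public function start(): string
    {
        $sid = bin2hex(random_bytes(16));
        $this->sessions[$sid] = ['user' => null];
        return $sid;
    }

    // Flawed login: the pre-login ID is kept and simply marked as authenticated.
    public function loginKeepId(string $sid, string $user): string
    {
        $this->sessions[$sid]['user'] = $user;
        return $sid;
    }

    // Hardened login: move the data to a fresh ID and invalidate the old one.
    // With native PHP sessions, session_regenerate_id(true) performs this rotation.
    public function loginRotateId(string $sid, string $user): string
    {
        $data = $this->sessions[$sid] ?? [];
        unset($this->sessions[$sid]);
        $new = bin2hex(random_bytes(16));
        $this->sessions[$new] = array_merge($data, ['user' => $user]);
        return $new;
    }

    // Who, if anyone, does this session ID authenticate?
    public function userFor(string $sid): ?string
    {
        return $this->sessions[$sid]['user'] ?? null;
    }
}

$store = new SessionStore();

$preLogin = $store->start();
$store->loginKeepId($preLogin, 'alice');
var_dump($store->userFor($preLogin));   // lookup by the ID issued before login

$preLogin  = $store->start();
$postLogin = $store->loginRotateId($preLogin, 'alice');
var_dump($store->userFor($preLogin));   // lookup by the retired pre-login ID
var_dump($store->userFor($postLogin));  // lookup by the ID issued at login
```

The first lookup shows that any party who knew the pre-login cookie value holds an authenticated session after the user logs in; with rotation, only the ID issued at login maps to the user.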