VP-ASP :: Shopping Cart Software

VP-ASP Shopping Cart Customer Forum

 Vulnerability in saved trolleys ? (and elsewhere)

DavidKay
Starting Member

8 Posts

Posted - November 12 2008 : 04:24:27
We have a problem that when a user saves their cart, they can place any kind of HTML tags inside the input box in which they name their cart.

Won't this allow a form to run remote scripts, thereby meaning the whole site could be hacked and card details / customer information stolen?

Also, if this is happening here, are there any other places where this is happening, allowing HTML tags to be response.written straight back into the page?

Has VPASP got a fix for this problem?

Thanks,
David

carfin
VP-ASP Expert

United Kingdom
948 Posts

Posted - November 12 2008 : 04:52:22
Hi David,

The VP-ASP cart has a pretty good customer input field text cleanser that will check for any offending characters (from a regularly updated list patch) and remove them. Our site has not had any problems so far.

Regards,
Carrol
www.deanston-electrical.co.uk
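
As an added example (not VP-ASP's own code and not from either poster), the usual defence for the issue raised in this thread is to validate the cart name when it is saved and to HTML-encode it every time it is written into a page. The function names, the 40-character limit and the sample names are assumptions; the script runs under Windows Script Host (cscript), and inside an ASP page the built-in Server.HTMLEncode does the encoding step.

```vbscript
Option Explicit

' Encode the HTML-significant characters so a stored value is displayed as text.
' In a classic ASP page, Server.HTMLEncode(value) performs this step.
Function HtmlEncode(ByVal value)
    Dim s
    s = value & ""                      ' coerce Null/Empty to a string
    s = Replace(s, "&", "&amp;")        ' must run first, or later entities get re-encoded
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    s = Replace(s, "'", "&#39;")
    HtmlEncode = s
End Function

' Allow-list check at save time (assumed policy): 1 to 40 letters, digits,
' spaces, underscores or hyphens. Anything else is rejected, not "cleaned".
Function IsValidCartName(ByVal name)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9 _-]{1,40}$"
    IsValidCartName = re.Test(name & "")
End Function

' Output side: encode even values that passed validation, because older rows
' in the database may predate the check.
Function RenderCartRow(ByVal name)
    RenderCartRow = "<td>" & HtmlEncode(name) & "</td>"
End Function

' Constructed sample cart names, for illustration only.
Dim samples, n
samples = Array("Christmas list", "<b>bold</b> cart", "Tom & Jerry's")
For Each n In samples
    WScript.Echo "valid=" & IsValidCartName(n) & "  html=" & RenderCartRow(n)
Next
```

Encoding at the point of output is what covers the "anywhere else" part of the question: any page that writes stored customer input back with Response.Write needs the same treatment, whether or not the input was filtered on the way in.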