Your Cart

Shopping Cart Items: 0   Sub-Total : $0.00    View Cart    Checkout
Welcome, Guest ( Customer Panel | Login )


Home | Profile | Register | Active Topics | Members | Search | FAQ


Forgot your Password?
 All Forums
 VPCart Forum
 Credit card fraud and hackers
 Security Hole		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Superal
VP-CART Expert

Canada
542 Posts
Posted - March 03 2003 :  11:33:26  Show Profile  Reply with Quote
In the file shopa_configlist.asp line 6 change shopcheckadmin "" to shopcheckadmin "shopa_config.asp"

This is a security hole that NEEDS plugging ASAP

Support has been alerted.

Andy
VP-CART New User

Canada
85 Posts
Posted - March 03 2003 :  15:32:36  Show Profile  Visit Andy's Homepage  Reply with Quote
Same for 4.0 AND 4.50??
Go to Top of Page

support
Administrator

4679 Posts
Posted - March 03 2003 :  15:37:19  Show Profile  Visit support's Homepage  Reply with Quote
We believe this is not a major security hole but it is a something you should chnage if the following applies.

It only affects customers that have
1. Multiple administrators
2. Use the xadminmenucheck facility
3. Do not trust their secondary administrators

Only logged in administrators would have access to this file. It does not make it available to the public.

Howard Kadetz
VP-ASP
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000
0 Item(s)
$0.00
  • Your Cart Is Empty