VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 Security Hole
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

VP-ASP Expert

542 Posts

Posted - March 03 2003 :  11:33:26  Show Profile  Reply with Quote
In the file shopa_configlist.asp line 6 change shopcheckadmin "" to shopcheckadmin "shopa_config.asp"

This is a security hole that NEEDS plugging ASAP

Support has been alerted.

VP-ASP New User

85 Posts

Posted - March 03 2003 :  15:32:36  Show Profile  Visit Andy's Homepage  Reply with Quote
Same for 4.0 AND 4.50??

Go to Top of Page


4263 Posts

Posted - March 03 2003 :  15:37:19  Show Profile  Visit support's Homepage  Reply with Quote
We believe this is not a major security hole but it is a something you should chnage if the following applies.

It only affects customers that have
1. Multiple administrators
2. Use the xadminmenucheck facility
3. Do not trust their secondary administrators

Only logged in administrators would have access to this file. It does not make it available to the public.

Howard Kadetz

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000