VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 VP-ASP 6.50 Features and Facilities
 SQL injection
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

RNN
VP-ASP New User

USA
54 Posts

Posted - August 27 2007 :  11:14:25  Show Profile  Visit RNN's Homepage  Reply with Quote
Not sure this is currently addressed in the patches.

this is from SiteAdvisor.

We recommend that you review your security practices and establish safeguards to prevent this type of attack from re-occurring. For example, a simple check on user input can be done to filter out invalid characters or any content that might be considered "active" if rendered in a web page (such as "<" and ">" tags). Sites that are successfully hijacked like this are likely to be "re-attacked" in the future.


Sincerely,

Andrew Lebrun
McAfee SiteAdvisor

Bob

lynch
VP-ASP New User

USA
74 Posts

Posted - August 27 2007 :  14:57:19  Show Profile  Reply with Quote
I know this has been addressed in a variety of patches and updates for version 5.00, which I use, and I believe this kind of cleaning is built into current versions from the beginning.

If you look in your copy of shop$db.asp, you'll probably find a routine called "CleanChars" which strips out a variety of things to prevent SQL injection and other kinds of malice.
Go to Top of Page

support
Administrator

4266 Posts

Posted - August 27 2007 :  20:27:39  Show Profile  Visit support's Homepage  Reply with Quote
Hi Andrew,

These issues have certainly been addressed in version 6.00 and 6.50.

You can apply them to earlier versions by going to our security patches page and either downloading the updates or applying them manually to your pages if you have a customised store:
http://www.vpasp.com/virtprog/info/faq_security.htm

Thanks
Cam

VP-ASP Support
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000