 SQL injection
RNN
VP-CART New User

USA
54 Posts

Posted - August 27 2007 : 11:14:25
Not sure this is currently addressed in the patches.

This is from SiteAdvisor.

We recommend that you review your security practices and establish safeguards to prevent this type of attack from re-occurring. For example, a simple check on user input can be done to filter out invalid characters or any content that might be considered "active" if rendered in a web page (such as "<" and ">" tags). Sites that are successfully hijacked like this are likely to be "re-attacked" in the future.


Sincerely,

Andrew Lebrun
McAfee SiteAdvisor

Bob

lynch
VP-CART New User

USA
74 Posts

Posted - August 27 2007 : 14:57:19
I know this has been addressed in a variety of patches and updates for version 5.00, which I use, and I believe this kind of cleaning is built into current versions from the beginning.

If you look in your copy of shop$db.asp, you'll probably find a routine called "CleanChars" which strips out a variety of things to prevent SQL injection and other kinds of malice.

support
Administrator

4679 Posts

Posted - August 27 2007 : 20:27:39
Hi Andrew,

These issues have certainly been addressed in version 6.00 and 6.50.

You can apply them to earlier versions by going to our security patches page and either downloading the updates or applying them manually to your pages if you have a customised store:
http://www.vpasp.com/virtprog/info/faq_security.htm

Thanks
Cam

VP-ASP Support