 Vulnerability in saved trolleys ? (and elsewhere)

DavidKay
Starting Member

8 Posts

Posted - November 12 2008 : 04:24:27
We have a problem that when a user saves their cart, they can place any kind of HTML tags inside the input box which they want to name their cart like.

Won't this allow a form to run remote scripts, thereby meaning the whole site could be hacked and card details / customer information stolen?

Also, if this is happening here, are there any other places where this is happening, allowing HTML tags to be response.written straight back into the page?

Has VPASP got a fix for this problem?

Thanks,
David

carfin
VP-CART Expert

United Kingdom
948 Posts

Posted - November 12 2008 : 04:52:22
Hi David,

The VP-ASP cart has a pretty good customer input field text cleanser that will check for any offending characters (from a regularly updated list patch) and remove them. Our site has not had any problems so far.

Regards,


Carrol
www.deanston-electrical.co.uk
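
Added example, not part of the thread and not VP-ASP code: a heuristic Python scan that addresses the question of where else values are written straight back into a page. It flags Classic ASP `Response.Write` and `<%= %>` output of request or recordset values that is not wrapped in `Server.HTMLEncode`; the sample page and the names `rs` and `cartname` are constructed.

```python
import re

# Output sinks in Classic ASP: "Response.Write <expr>" and the "<%= expr %>" shorthand.
SINK = re.compile(r'response\.write(?P<a>[^%\n]*)|<%=(?P<b>.*?)%>', re.I)
# Heuristic sources of stored or submitted text: Request collections and
# recordset-style field lookups such as rs("cartname").
SOURCE = re.compile(r'\brequest\b|\b\w+\s*\(\s*"[^"]+"\s*\)', re.I)
ENCODED = re.compile(r'server\.htmlencode\s*\(', re.I)

def strip_encoded(expr):
    """Drop every Server.HTMLEncode(...) call, leaving only unencoded text."""
    out, pos = [], 0
    for m in ENCODED.finditer(expr):
        if m.start() < pos:
            continue  # nested inside a call that was already dropped
        out.append(expr[pos:m.start()])
        depth, in_str, i = 1, False, m.end()
        while i < len(expr) and depth:
            c = expr[i]
            if c == '"':
                in_str = not in_str  # parentheses inside string literals do not count
            elif not in_str:
                depth += (c == "(") - (c == ")")
            i += 1
        pos = i
    out.append(expr[pos:])
    return "".join(out)

def find_unencoded_writes(asp_source):
    """Return (line number, expression) for writes that skip Server.HTMLEncode."""
    findings = []
    for lineno, line in enumerate(asp_source.splitlines(), 1):
        for m in SINK.finditer(line):
            expr = (m.group("a") or m.group("b") or "").strip()
            if SOURCE.search(strip_encoded(expr)):
                findings.append((lineno, expr))
    return findings

# Constructed sample page; "rs" and "cartname" are hypothetical names.
SAMPLE = "\n".join([
    '<h2>Saved carts</h2>',
    '<td><%= rs("cartname") %></td>',
    '<td><%= Server.HTMLEncode(rs("cartname")) %></td>',
    '<% Response.Write "<p>" & Request.Form("cartname") & "</p>" %>',
    '<% Response.Write "<p>" & Server.HTMLEncode(Request.Form("cartname")) & "</p>" %>',
    '<% Response.Write "<p>Thank you</p>" %>',
])

if __name__ == "__main__":
    for lineno, expr in find_unencoded_writes(SAMPLE):
        print(f"line {lineno}: unencoded output of {expr}")
```

The scan is line-based and pattern-based, so its hits are candidates for manual review rather than a complete audit.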