



 problem with session using sql word cast

kandi27
Starting Member

6 Posts

Posted - November 09 2010 : 11:27:32
I am at a dead end and need help. My host company is claiming that the session variable that the vpasp shopping cart is using this...

2010-11-08 17:09:10 10.100.196.186 222592490 POST /shop/shopaddtocart.asp Rejected rule+'SQL+Injection+Headers'+triggered Cookie: __utma=178612083.824035891.1289236137.1289236137.1289236137.1;+__utmb=178612083;+__utmc=178612083;+__utmz=178612083.1289236137.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none);+aspsessionidcastarct=fgnljpidbpbpkajhgejimckn cast

...most of it is garbled to me, but the important part is the session part and that it uses the word cast in it, which is a SQL verb. Which means because of possible SQL injections it is being blocked by the host. Which also means they have just taken down any part of the shopping cart.

The site is an older version 5.0 and this has finally convinced the client we need to upgrade, however I would like to fix this so that we have the time to put the other in place properly and the client can still get orders.

I have looked through all the docs, forums, and on the website itself to see where it creates the session and how it is putting cast in it, but have found nothing.

Can someone point me to see where I would change this and if it can be changed without causing a problem with the operations of the site? Or maybe someone can tell me if the host might have something to do with it.

Please help!!

kandi27
Starting Member

6 Posts

Posted - November 09 2010 : 17:49:00
Okay, so I found out what happened and why this issue came about. Hopefully this is already something instituted in the new version of the cart, just to keep this rare issue from happening. And if not, at least it helps anyone else that should have this random issue pop up.

The cart creates a random session variable approximately every day. Coincidentally, yesterday my client's cart created a session variable that had the word cast in it: aspsessionidcastarct

Thinking that this was a possible SQL Injection, the host automatically blocked all pages that used it. Even though the structure on this wouldn't work even if it was. Hopefully they will change their rules too, but anyway hope this helps others.
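The false positive described in this thread, as an added example (not part of the original posts, and not the host's actual rule, which the thread does not show): a substring keyword match over the whole Cookie header, compared with a check that inspects only cookie values and requires the keyword in call context. The keyword list, the function names and the `sort` cookie are assumptions made for illustration.

```python
import re

# Hypothetical keyword list; the host's real rule is not shown in the thread.
KEYWORDS = ("cast", "convert")

# Keyword as a standalone token followed by "(", i.e. used as a SQL function call.
CALL_CONTEXT = re.compile(r"\b(?:%s)\s*\(" % "|".join(KEYWORDS), re.IGNORECASE)


def parse_cookies(header):
    """Split a Cookie header into (name, value) pairs; the log writes spaces as '+'."""
    pairs = []
    for part in header.replace("+", " ").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs


def naive_rule(header):
    """Flag if any keyword occurs anywhere in the header, cookie names included."""
    lowered = header.lower()
    return any(word in lowered for word in KEYWORDS)


def tighter_rule(header):
    """Return the names of cookies whose value holds a keyword in call context."""
    return [name for name, value in parse_cookies(header) if CALL_CONTEXT.search(value)]


# Constructed samples. BENIGN reuses the session cookie from the log line in the
# first post; SUSPECT carries a SQL expression in a made-up cookie value.
BENIGN = "__utmc=178612083;+aspsessionidcastarct=fgnljpidbpbpkajhgejimckn"
SUSPECT = "__utmc=178612083;+sort=cast(price as int)"

if __name__ == "__main__":
    for label, header in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, "naive:", naive_rule(header), "tighter:", tighter_rule(header))
```

The naive rule fires on both headers because the letters "cast" appear inside the randomly generated cookie name; the tighter rule reports only the `sort` cookie.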

support
Administrator

4679 Posts

Posted - November 09 2010 : 18:58:26
Good to hear it has been resolved.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp