VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-Cart StoreFront Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Problems and bugs
 Saved Cart''s and Wishlist
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Starting Member

14 Posts

Posted - April 02 2005 :  21:16:42  Show Profile  Reply with Quote
Not sure if this happens with saved carts, but I recently saved a cart with a small quote in the name "Zach's Cart" and it causes a SQL fail error if you attempt to restore or delete because the quote is not escaped. I was able to escape the quote in the actual URL string and get the cart deleted, but it would not be so easy for a non developer to figure out what was wrong.

VP-ASP Super User

304 Posts

Posted - April 03 2005 :  00:23:05  Show Profile  Reply with Quote
Could this be used as a SQL injection vulnerability?

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000