Hi guys,
Do you know how to identify if one website is using cs-cart? even if there already done some heavy modification? I just check out wallmart.com and I think it's also using cs-cart. Is that true?
No. Not even close. It looks like their site is based off of a Struts Java Application. [url=“http://struts.apache.org/”]http://struts.apache.org/[/url]
All you need to do is add ?version to any domain to see if it is using cs-cart. If it is it will display the cs-cart version.
wow… that’s cool, thanks a lot
hmm i see this as a securety risk :-/
is it posible to block this feture? (?version)
You could bracket the code in init.php to be conditional upon AREA == 'A'
Hi tbirnseth
can you be more spesific?
i have changed this line
if (isset($_REQUEST['version'])) {
to
if (isset($_REQUEST['SOME THING ELS HERE'])) {
so that i can still get the info but with some secret word or frase.
but if it is posible to only get the info wen logd in to admin panel that would be great and better i think
I would simply change it to read:
if ( AREA == 'A' && isset($_REQUEST['version'])) {
This would require you to be logged in via admin. But note that this might make getting support from cs-cart a bit more difficult since they would not be able to truly identify the version in offering advice. You would have to give them admin access to your store.
Choice for each merchant to make. So far, I don't think there are any known vulnerabilities and hence knowing the version is not an advantage to anyone.
It's also used for updates so modifying the actual version name would cause a problem.
@tool - you sure about that? I thought it siimply used the define CART_VERSION
Not a 100% sure but I think I had changed it some years ago and had issues with the upgrade.