ProsForPros

Member Since 22 Feb 2008
Offline Last Active Jan 04 2012 09:43 PM
-----

Posts I've Made

In Topic: CS Cart SQL Injection security threat

04 January 2012 - 09:43 PM

I am getting similar threat alerts from the scan company. We cannot get approved for merchant account without resolving this issue.


Result:

Synopsis: Blind SQL injection vulnerability in product_data[130][product_id] parameter to /knife-types/index.php

Description:
A remote attacker could execute SQL commands on the back-end
database, possibly leading to password retrieval, authentication
bypass, unauthorized data access, or unauthorized data
modification. All user-supplied parameters should be checked for illegal
characters, such as a single quote (""), before being used
in an SQL query. See the references below for fix information
for specific products.

Solution:

All user-supplied parameters should be checked for illegal characters, such as a single quote (""), before being used in an SQL query. See the references below for fix information for specific products.




Cvssscore:

7.8

Cvssvector:

AV:N/AC:L/Au:N/C:C/I:N/A:N

In Topic: Automatically fill related products

09 August 2011 - 05:20 PM

The first mod seems good, but it still requires manual selection of all products. Is there a way to pull other products from same category automatically?

In Topic: Automatically fill related products

09 August 2011 - 05:14 PM

Check this post http://forum.cs-cart...4-free-add-ons/

be sure to thank the contributor of the addon :)



Wow. Thank you!

In Topic: More Than 4 Free Add-Ons

09 August 2011 - 05:08 PM

Super! Thank you so much for sharing!

In Topic: Custom product details page to add multiple variants at once

10 May 2011 - 03:42 AM

Your link generates a 404 error for me.


I am not sure why it does that. You can try this link here:

http://forever2ne1.c...&page=1&search=

or you can go to

http://forever2ne1.com

and click on any shoes