PRB Potential Security Issue: Changing product prices (Security Violation Detected and Recorded message)

Article # 5127

The information in this article applies to this particular SalesCart Product(s): 
STD, PRO, SQL


SYMPTOMS
Using programs like Achilles, it may be possible to manipulate the product prices that are sent to the shopping cart. However, these prices are subject to your review before processing.

CAUSE
You do not have the latest checkpost.asp file to guard against this.

RESOLUTION

Download the following zip:

>> Checkpost for SalesCart

Extract path.asp and checkpost.asp to the cgi-bin folder in your current SalesCart website. Insert the following line as the second line in each of your product pages:

<!--#include file="../cgi-bin/path.asp" -->


The preceding path is for product pages that are contained in a folder off the root web. Modify the path to suit your situation. The zip includes an example product page for SalesCart PRO. Your product pages should also be named with a .asp extension.

There is an additional step for SalesCart STD. Open shop1.asp and include the following line before the checkpost entry:

<!--#include file="../cgi-bin/cmail.asp" -->

Then save CMail.asp, which is included in the zip, to your cgi-bin folder.

Update 02/24/03: If you are using SalesCart PRO 1.5 or below, be sure to remove the checkpost.inc include from the shop1.asp page.

SUMMARY
Using programs like Achilles, you may be able to modify product prices and have the new product prices be reflected in the shopping cart.
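
The page does not describe how checkpost.asp performs its check, so the following is an added example of the general server-side guard against this kind of tampering, not SalesCart's code: the posted price is compared with a price the server looks up itself, and any mismatch is rejected. The function names, part numbers and prices are constructed for illustration.

```vbscript
Option Explicit
' Runs under cscript.exe. In an ASP page the two string arguments would come
' from Request.Form; field names depend on the cart and are not shown here.

' Constructed sample catalog: part number -> unit price in cents.
Function BuildCatalog()
    Dim d
    Set d = CreateObject("Scripting.Dictionary")
    d.CompareMode = vbTextCompare
    d.Add "WIDGET-01", 1999
    d.Add "GADGET-02", 4950
    Set BuildCatalog = d
End Function

' Returns the catalog price in cents for a posted line item, or -1 when the
' post must be rejected. The posted price is only compared, never billed.
Function TrustedPrice(catalog, partNumber, postedPrice, ByRef reason)
    TrustedPrice = -1
    reason = ""
    If Not catalog.Exists(partNumber) Then
        reason = "unknown part number"
    ElseIf Not IsNumeric(postedPrice) Then
        reason = "non-numeric price"
    ElseIf Round(CDbl(postedPrice) * 100) <> catalog(partNumber) Then
        reason = "posted price differs from catalog"
    Else
        TrustedPrice = catalog(partNumber)
    End If
End Function

Dim cat, why, cents, post
Set cat = BuildCatalog()
' Constructed posts: untouched, price edited in transit, part number edited.
For Each post In Array(Array("WIDGET-01", "19.99"), _
                       Array("WIDGET-01", "0.01"), _
                       Array("NOPE-99", "19.99"))
    cents = TrustedPrice(cat, post(0), post(1), why)
    If cents < 0 Then
        WScript.Echo "REJECT " & post(0) & ": " & why
    Else
        WScript.Echo "ACCEPT " & post(0) & " at " & cents & " cents"
    End If
Next
```

The order total is built from the value the function returns, so an edited price field can cause a rejection but can never lower what is charged.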

STATUS
SalesCart is continually being updated to improve security.

REFERENCE
No references


Additional Query Words: security, Achilles, changing, prices, products, checkpost.asp, security, violation, detected, part number, posting

Active/inactive: Active
Author: William Cheung
Date: 10/11/02 Updated 02/25/03




ComCity® and SalesCart™ are trademarks of ComCity LLC. All other products mentioned are registered trademarks or trademarks of their respective companies.
Copyright © 1995-2014 ComCity LLC. All rights reserved.
  Last modified: Thursday May 29, 2014