Potential Security Issue: Changing product prices (Security Violation Detected and Recorded message)
The information in this article applies
to this particular SalesCart Product(s):
STD, PRO, SQL
You may be able to manipulate product prices that are sent to the shopping cart using programs like Achilles. However, these prices are subject to your review before processing.
You do not have the latest checkpost.asp file to guard against this.
Download the following zip:
Checkpost for SalesCart
Extract path.asp and checkpost.asp to the cgi-bin folder in your current
SalesCart website. Insert the following line as the second line in each of your
<!--#include file="../cgi-bin/path.asp" -->
The preceding path is for product pages that are contained in a folder off the
root web. Modify the path to suit your situation. The zip includes an example
product page for SalesCart PRO. Your product pages should also be named with a
There is an additional step for SalesCart STD. Open shop1.asp and include the
following line before the checkpost entry:
<!--#include file="../cgi-bin/cmail.asp" -->
and save CMail.asp which is included in the zip to your cgi-bin folder.
Update 02/24/03: If you are using SalesCart PRO 1.5 or below, be sure to
remove the checkpost.inc include from the shop1.asp page.
Using programs like Achilles, you may be able to modify product prices and have the new product prices be reflected in the shopping cart.
SalesCart is continually being updated to improve security.
Words: security, Achilles, changing, prices, products, checkpost.asp,security,violation,detected,part number,posting
Author: William Cheung
Date: 10/11/02 Updated 02/25/03