PRB:
Potential Security Issue: Changing product prices (Security Violation Detected and Recorded message)
Article #: 5127
The information in this article applies to the following SalesCart product(s): STD, PRO, SQL
SYMPTOMS
You may be able to manipulate product prices that are sent to the shopping cart using programs like Achilles. However, these prices are subject to your review before processing.
CAUSE
You do not have the latest checkpost.asp file to guard against this.
RESOLUTION
Download the following zip: Checkpost for SalesCart
Extract path.asp and checkpost.asp to the cgi-bin folder in your current
SalesCart website. Insert the following line as the second line in each of your
product pages:
<!--#include file="../cgi-bin/path.asp" -->
The preceding path is for product pages that are contained in a folder off the
root web. Modify the path to suit your situation. The zip includes an example
product page for SalesCart PRO. Your product pages should also be named with a
.asp extension.
There is an additional step for SalesCart STD. Open shop1.asp and include the
following line before the checkpost entry:
<!--#include file="../cgi-bin/cmail.asp" -->
Then save CMail.asp, which is included in the zip, to your cgi-bin folder.
Update 02/24/03: If you are using SalesCart PRO 1.5 or below, be sure to
remove the checkpost.inc include from the shop1.asp page.
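A quick way to confirm the steps above were applied to every product page, shown as an added example that is not part of the SalesCart download. The function names, the `products` folder and the sample files are assumptions made for illustration; only the file names path.asp and checkpost.asp, the cgi-bin folder and the include line come from this article.

```python
import re
import tempfile
from pathlib import Path

# The article's include directive; the relative prefix may differ per site
# because the article says to modify the path to suit your layout.
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+file\s*=\s*"(?:[^"]*[/\\])?path\.asp"\s*-->', re.IGNORECASE)
REQUIRED_CGI_FILES = ("path.asp", "checkpost.asp")

def audit_site(web_root, product_dir, cgi_dir="cgi-bin"):
    """Return a list of findings; an empty list means the steps were applied."""
    root = Path(web_root)
    findings = []
    present = {p.name.lower() for p in (root / cgi_dir).glob("*") if p.is_file()}
    for name in REQUIRED_CGI_FILES:
        if name not in present:
            findings.append(f"{cgi_dir}/{name}: missing")
    for page in sorted((root / product_dir).iterdir()):
        if not page.is_file():
            continue
        rel = page.relative_to(root).as_posix()
        if page.suffix.lower() != ".asp":
            findings.append(f"{rel}: product page is not named .asp")
            continue
        lines = page.read_text(encoding="latin-1").splitlines()
        # The include must be the second line of the page (index 1).
        if len(lines) < 2 or not INCLUDE_RE.search(lines[1]):
            findings.append(f"{rel}: path.asp include is not the second line")
    return findings

def build_sample_site(base):
    """Constructed sample site (hypothetical files) to exercise the audit offline."""
    root = Path(base)
    (root / "cgi-bin").mkdir()
    (root / "products").mkdir()
    (root / "cgi-bin" / "checkpost.asp").write_text("<% ' placeholder %>\n")
    inc = '<!--#include file="../cgi-bin/path.asp" -->\n'
    good = "<%@ Language=VBScript %>\n" + inc + "<html></html>\n"
    late = "<%@ Language=VBScript %>\n<html>\n" + inc + "</html>\n"
    (root / "products" / "widget.asp").write_text(good)
    (root / "products" / "gadget.asp").write_text(late)
    (root / "products" / "legacy.htm").write_text(good)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_site(build_sample_site(tmp), "products"):
            print(finding)
```

Point `audit_site` at a copy of the web root and the folder holding your product pages; any page it lists does not yet have the include in place.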
SUMMARY
Using programs like Achilles, you may be able to modify product prices and have the modified prices reflected in the shopping cart.
STATUS
SalesCart is continually being updated to improve security.
Additional
Query Words: security, Achilles, changing, prices, products, checkpost.asp, security, violation, detected, part number, posting
Active/inactive: Active Author: William Cheung Date: 10/11/02 Updated 02/25/03