PRB: Potential Security Issue: Changing product prices (Security Violation Detected and Recorded message)

Article # 5127

The information in this article applies to this particular SalesCart Product(s): 

Using programs like Achilles, you may be able to manipulate the product prices that are sent to the shopping cart. However, these prices are subject to your review before processing.

You do not have the latest checkpost.asp file to guard against this.


Download the following zip:

>> Checkpost for SalesCart

Extract path.asp and checkpost.asp to the cgi-bin folder in your current SalesCart website. Insert the following line as the second line in each of your product pages:

<!--#include file="../cgi-bin/path.asp" -->

The preceding path is for product pages that are contained in a folder off the root web. Modify the path to suit your situation. The zip includes an example product page for SalesCart PRO. Your product pages should also be named with a .asp extension.

There is an additional step for SalesCart STD. Open shop1.asp and include the following line before the checkpost entry:

<!--#include file="../cgi-bin/cmail.asp" -->

Then save CMail.asp, which is included in the zip, to your cgi-bin folder.

Update 02/24/03: If you are using SalesCart PRO 1.5 or below, be sure to remove the include from the shop1.asp page.

Using programs like Achilles, you may be able to modify product prices and have the modified prices reflected in the shopping cart.

SalesCart is continually being updated to improve security.
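The general defence against this kind of price tampering is to treat the posted price as untrusted and compare it with the server's own price for the part number. The following is an added illustration of that check and is not the contents of checkpost.asp, which this article does not show; the field names, catalog entries and log structure are assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample catalog: the server's authoritative prices by part number.
CATALOG = {"SC-1001": Decimal("19.95"), "SC-2002": Decimal("149.00")}

violations = []  # stands in for a persistent audit log


def _reject(remote_addr, part, reason):
    """Record the violation and refuse the cart line."""
    violations.append({"addr": remote_addr, "part": part, "reason": reason})
    return False, None


def check_post(form, remote_addr):
    """Validate one posted cart line (a dict of strings) against the catalog.

    Returns (True, line) with the catalog price, never the posted one,
    or (False, None) after recording a violation.
    """
    part = form.get("part_number", "")
    if part not in CATALOG:
        return _reject(remote_addr, part, "unknown part number")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        return _reject(remote_addr, part, "quantity is not an integer")
    if not 1 <= qty <= 999:  # assumed sane upper bound per line
        return _reject(remote_addr, part, "quantity out of range")
    try:
        posted = Decimal(form.get("price", ""))
    except InvalidOperation:
        return _reject(remote_addr, part, "price is not a number")
    # is_finite() rejects NaN and Infinity before the equality test.
    if not posted.is_finite() or posted != CATALOG[part]:
        return _reject(remote_addr, part,
                       f"posted price {posted} != catalog {CATALOG[part]}")
    price = CATALOG[part]
    return True, {"part_number": part, "quantity": qty,
                  "unit_price": price, "total": price * qty}
```

The order total is computed from the catalog price even when the posted value matches, so nothing downstream depends on a client-supplied number.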

No references

Additional Query Words: security, Achilles, changing, prices, products, checkpost.asp, violation, detected, part number, posting

Active/inactive: Active
 William Cheung
 10/11/02 Updated 02/25/03