cornishpirate

Member Since 05 Feb 2008
-----

Posts I've Made

In Topic: Redesigning and dev environment

15 November 2011, 17:07

I registered another domain just for testing and made it only accessible with username/password.

I prefer to keep ALL testing as far away as possible from my live site!

In Topic: Redesigning and dev environment

15 November 2011, 16:48

XAMPP on local server.

Couldn't do without it!

In Topic: [contribution] Security Pro - Querystring protection against hackers.

29 September 2011, 08:29

In the UK, Streamline, now part of Worldpay, are pushing hard for PCI DSS compliance. They've teamed up with TrustWave and we've been encouraged to use their TrustKeeper IP Scanning system for vulnerabilities.

The only item my site is failing on is XSS, despite the magnificent presence of Security Pro 2!!

URL: ....../product_info.php?products_id=%3Cscript%3Ealert%28TK00000004%29%3C%2Fscript%3E
Body matches:
Vulnerability type: Reflected Cross-Site Scripting
Vulnerable input type: URL Query Parameter
Vulnerable input name: products_id

This may be a very dubious failure, but many of us will have to deal with it.

Any thoughts?

In Topic: ULTIMATE Seo Urls 5 - by FWR Media

08 September 2011, 15:46

I use a few RewriteRule lines in my .htaccess in the form

RewriteRule ^(.*)-p-717.html$ product_info.php?products_id=616

When invoked, the USU5 404 page gets displayed, whereas with 'SEO URLs', it worked fine.

Any thoughts on how I can get round this?

In Topic: ULTIMATE Seo Urls 5 - by FWR Media

19 August 2011, 08:32

cornishpirate, on 19 August 2011, 07:52, said:

In the interests of security, I have changed the names of almost all root PHP scripts.

USU5 is working fine for me except for the fact that generated URLs stay in the original format (product_id etc)

If I set everything to revert to 'product_info.php', then it behaves as I would expect.

Since all references are to FILENAME_PRODUCT_INFO, this is a mystery.

Any thoughts?
Upgraded to r205. Same problem.