Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

ZhenIT Software

Members
 View Profile  See their activity

  • Content count

    2

  • Joined

  • Last visited

Community Reputation

0 Neutral

See reputation activity

1 Follower

About ZhenIT Software

  • Birthday 02/07/1976

Profile Information

  1. ZhenIT Software started following psdmedia
  2. ZhenIT Software

    El módulo de Unicaja http://addons.oscommerce.com/profile/190762

    No hace ninguna comprobación de ningún tipo ni antes de envíar los datos ni antes de procesar el pedido.

    Esto permite manipular el importe a pagar pro parte del cliente. O lo que es más sencillo saltarse el paso de introducir la tarjeta simplemente poniendo en el navegador http://{tienda}/{catalog}/checkout_pro

  3. ZhenIT Software started following bitarlan
  4. ZhenIT Software started following JangoF
  5. ZhenIT Software

    High risk payment modules

    ZhenIT Software posted a topic in Other

    There are al least, two contributions that use the exec() command without checking the paramters that are passed to it. It's not very difficult to build malicious url that exploit this fact to execute code throught this. So please, on behalf of shop owners, warn about it or disable them till they are fixed. the first one was originally posted by us: http://www.oscommerce.com/community/contributions,3168 And the other one is: http://www.oscommerce.com/community/contributions,4997
  6. ZhenIT Software started following saisatha
  7. saisatha started following ZhenIT Software
  8. ZhenIT Software

    article manager 1.2b-1054-'a.authors_id'

    ZhenIT Software replied to fimilola's topic in General Add-Ons Support

    Change: $articles_new_query_raw = "select a.articles_id, a.articles_date_added, ad.articles_name, ad.articles_head_desc_tag, au.authors_id, au.authors_name, td.topics_id, td.topics_name from " . TABLE_ARTICLES . " a, " . TABLE_ARTICLES_TO_TOPICS . " a2t left join " . TABLE_TOPICS_DESCRIPTION . " td on a2t.topics_id = td.topics_id left join " . TABLE_AUTHORS . " au on a.authors_id = au.authors_id, " . TABLE_ARTICLES_DESCRIPTION . " ad where (a.articles_date_available IS NULL or to_days(a.articles_date_available) <= to_days(now())) and a.articles_id = a2t.articles_id and a.articles_status = '1' and a.articles_id = ad.articles_id and ad.language_id = '" . (int)$languages_id . "' and td.language_id = '" . (int)$languages_id . "' and a.articles_date_added > SUBDATE(now( ), INTERVAL '" . NEW_ARTICLES_DAYS_DISPLAY . "' DAY) order by a.articles_date_added desc, ad.articles_name"; to: $articles_new_query_raw = "select a.articles_id, a.articles_date_added, ad.articles_name, ad.articles_head_desc_tag, au.authors_id, au.authors_name, td.topics_id, td.topics_name from " . TABLE_ARTICLES . " a left join " . TABLE_ARTICLES_TO_TOPICS . " a2t on (a.articles_id=a2t.articles_id) left join " . TABLE_TOPICS_DESCRIPTION . " td on a2t.topics_id = td.topics_id left join " . TABLE_AUTHORS . " au on a.authors_id = au.authors_id, " . TABLE_ARTICLES_DESCRIPTION . " ad where (a.articles_date_available IS NULL or to_days(a.articles_date_available) <= to_days(now())) and a.articles_id = a2t.articles_id and a.articles_status = '1' and a.articles_id = ad.articles_id and ad.language_id = '" . (int)$languages_id . "' and td.language_id = '" . (int)$languages_id . "' and a.articles_date_added > SUBDATE(now( ), INTERVAL '" . NEW_ARTICLES_DAYS_DISPLAY . "' DAY) order by a.articles_date_added desc, ad.articles_name"; same mechanics :D
×