Jump to content

Archived

This topic is now archived and is closed to further replies.

celeroncillo

Checkout Payment page is vulnerable VER.2.3.1

Recommended Posts

Hello, I have the Oscommerce 2.3.1, and the Threat Scanner V1.0 contribution instaled, but i can´t correct this fix:

 

Checkout Payment page is vulnerable, Please read more about this at

Contact Us Vulnerability! (http://www.vupen.com/english/advisories/2005/0171) AND

Contact Us osCommerce Fix (http://www.oscommerce.com/community/contributions,2976)

 

I change this line in my file checkout_payment.php:

 

<?php echo tep_draw_textarea_field('comments', 'soft', '60', '5', $comments); ?>

 

Change for:

 

<?php echo tep_draw_textarea_field('comments', 'soft', '60', '5', tep_sanitize_string($_POST['comments']), '', false); ?>

 

 

But the vulnerabylity continues appear, why??

 

Is correct this change?.

Is other bug??

 

Thanks for all.

Share this post


Link to post
Share on other sites

×