Jump to content

Archived

This topic is now archived and is closed to further replies.

QsoftStudios

Cross site Request Forgery Vurl

Recommended Posts

Hello I did a quick scan of my osCommerce site with w3af to see if there were any security holes or vurls. When the scan completed it found a cross site request forgery vurl in the index.php and the advanced_search_result.php scripts. As you all know this is not good and I thought I would bring it to the developers and communities attention.

 

Thanks! :)

Share this post


Link to post
Share on other sites

@@QsoftStudios

 

You would have to look at those files and determine what the vulnerable code is and then fix it. Without seeing the code, we can't help

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

@@QsoftStudios

 

You would have to look at those files and determine what the vulnerable code is and then fix it. Without seeing the code, we can't help

 

 

 

Chris

 

 

 

I am in the process of doing that now I will update you when I find the vulnerable part of the code.

Share this post


Link to post
Share on other sites

×