QuadComm e-commerce solutions

Q-Shop
Overview Features Benefits Demo Transactions Order FAQ Lite vs. Pro Resellers Testimonials Client's sites Forum Requirements News Support Downloads Merchandise

QuadComm
About us Contact us Internet News Books ASP Tips

Newsletter »

Search

Phishing vulnerability in search.asp

VERSIONS AFFECTED

Q-Shop Pro and Lite v3.5.0 and 3.5.1.

DETAILS

It would be possible to provide a link to a Q-Shop store and make it include some external JavaScipt leading to a potential phishing attack.

RESOLUTION

Follow this simple steps:

1. Edit search.asp and where it says:

	<h1 class="MainTitle">Search results for: <%= Request("srkeys") %></h1><br>

Change it to:

	<h1 class="MainTitle">Search results for: <%= RemoveHTML(Request("srkeys")) %></h1><br>

This will strip out any HTML passed in the URL as search terms when displaying on the page.

Benefits
Increase sales by offering Gift Certificates using Q-Shop Pro. Learn more »

Featured Book
10 Steps to E-Business on a Shoestring