QuadComm e-commerce solutions

Phishing vulnerability in search.asp

VERSIONS AFFECTED

Q-Shop Pro and Lite v3.5.0 and 3.5.1.

DETAILS

It would be possible to provide a link to a Q-Shop store and make it include some external JavaScript, leading to a potential phishing attack.

RESOLUTION

Follow these simple steps:

1. Edit search.asp and where it says:

	<h1 class="MainTitle">Search results for: <%= Request("srkeys") %></h1><br>

Change it to:

	<h1 class="MainTitle">Search results for: <%= RemoveHTML(Request("srkeys")) %></h1><br>

This will strip out any HTML passed in the URL as search terms when displaying on the page.
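The following is an added example, not Q-Shop code: it rebuilds the search.asp heading in Node.js from a constructed srkeys query string, first unfiltered (the vulnerable line), then through an assumed tag stripper standing in for RemoveHTML (whose real implementation is not shown in this advisory), and finally HTML-encoded, which is the usual robust default because it keeps the user's text visible while neutralising any markup.

```javascript
// Added example (not Q-Shop's own code). removeHtml() is an assumed
// implementation of the "strip out any HTML" behaviour the advisory
// attributes to RemoveHTML(); the real function is not on the page.

// Strip anything that looks like an HTML tag. The markup is discarded
// entirely, together with any legitimate '<' a shopper may have typed.
function removeHtml(s) {
  return String(s).replace(/<[^>]*>?/g, "");
}

// Encode the characters that matter in an HTML text context. Unlike
// stripping, this preserves what was typed while neutralising markup.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Equivalent of: <h1 class="MainTitle">Search results for: <%= ... %></h1><br>
function renderHeading(srkeys, filter) {
  return `<h1 class="MainTitle">Search results for: ${filter(srkeys)}</h1><br>`;
}

// Constructed sample query string: a normal term followed by an external
// script tag of the kind the advisory warns about (host is a placeholder).
const sampleQuery =
  "srkeys=shoes%3Cscript%20src%3D%22http%3A%2F%2Fexample.invalid%2Fx.js%22%3E%3C%2Fscript%3E";

function srkeysFrom(queryString) {
  return new URLSearchParams(queryString).get("srkeys") || "";
}

// True when the rendered heading contains no tag other than the
// expected <h1> wrapper and trailing <br>.
function isSafe(html) {
  const inner = html
    .replace(/^<h1 class="MainTitle">/, "")
    .replace(/<\/h1><br>$/, "");
  return !/<[a-zA-Z/]/.test(inner);
}

const identity = (s) => s;
const q = srkeysFrom(sampleQuery);
console.log(renderHeading(q, identity));   // vulnerable: script tag reaches the page
console.log(renderHeading(q, removeHtml)); // tag removed, only "shoes" remains
console.log(renderHeading(q, htmlEncode)); // tag shown as literal text
```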
