About SQL Injection and Cross Site Scripting Security Advisories

We have recently been contacted by a security portal about alleged serious vulnerabilities found in Comersus Cart. As on past occasions, the vulnerability report is incomplete, amateurish and riddled with errors. The following are our notes on this report.

Date: July-2007

1. Regarding versions: The report states that vulnerabilities have been found in version 7.07, but that previous versions have them too and that version 7.08 could also be affected. Security specialists can only advise about versions they have actually tested. Predicting and deducing have no place in a serious security report.

2. About SQL Injection: Comersus uses filtering functions to avoid SQL Injection attacks. SQL Injection attacks are of great concern to any dynamic application with access to data, since they allow modifying or querying information in the database while bypassing the permissions set for the application. The report claims that Comersus 7.08 has a "SQL Hole" and provides the following URL as evidence: comersus_optReviewReadExec.asp?idProduct='. This URL prompts a database error, since the input is not what is expected. However, the string passed in the idProduct query-string variable is correctly filtered, both by length and by character type, to prevent attacks. The above does not demonstrate any actual threat or prove any vulnerability, and it is irresponsible to use a term such as "SQL Hole".

3. About Cross Site Scripting Pages: Three alleged exploits are presented, in which Comersus prints the string "XSS" on screen. This is not a vulnerability. While it is possible to craft a URL that displays text which did not originate on the site, this is not a security issue, since that text is part of the URL and it is clear that it originates from the way the URL was constructed.

4. About Cross Site Scripting Exploits: Comersus has filtering levels that prevent scripts from being printed by means of the script tag, so this vulnerability is not present.

5. About Phishing: Comersus has filtering levels that prevent the generation of code containing the symbols required by the form in the example presented in the report. The example only prints the text of the form on screen.
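The two controls these notes rely on, strict validation of the numeric idProduct parameter (point 2) and safe handling of reflected text (points 3 to 5), as an added Python example that is not Comersus code (the cart itself is Classic ASP); the table, the length cap and the function names are assumptions, and the reflected text is handled by output encoding, the standard mitigation, rather than by the tag filtering the notes describe:

```python
import html
import sqlite3
from typing import List, Optional

# Constructed in-memory reviews table standing in for the store database.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE reviews (idProduct INTEGER, body TEXT)")
_conn.executemany("INSERT INTO reviews VALUES (?, ?)",
                  [(1, "Great cart"), (2, "Works as expected")])
_conn.commit()

MAX_ID_LEN = 9  # hypothetical length cap for the id parameter


def parse_product_id(raw: str) -> Optional[int]:
    """Validate a query-string id by length and character type.

    Only a bounded run of ASCII digits is accepted; anything else,
    including the "'" probe quoted in the report, is rejected here and
    never reaches the database (so no database error page either).
    """
    if not raw or len(raw) > MAX_ID_LEN or not raw.isascii() or not raw.isdigit():
        return None
    return int(raw)


def read_reviews(raw_id: str) -> List[str]:
    """Fetch reviews for a validated id using a bound parameter, so the
    value is sent as data and can never alter the SQL statement."""
    id_product = parse_product_id(raw_id)
    if id_product is None:
        return []
    cur = _conn.execute(
        "SELECT body FROM reviews WHERE idProduct = ?", (id_product,))
    return [row[0] for row in cur.fetchall()]


def render_message(raw_text: str) -> str:
    """Reflect user-supplied text into HTML by encoding every markup
    character; the browser shows it literally instead of parsing it."""
    return "<p>" + html.escape(raw_text, quote=True) + "</p>"
```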

Conclusions: All software applications, even those developed by companies with large quality assurance and testing budgets, may have bugs and vulnerabilities. It is essential, then, for users to stay in touch with the providers of their software solutions and, in the case of security reports, even those from a doubtful source, to be able to understand the information presented and check their installations for vulnerabilities if necessary.

Some installations may be vulnerable to attacks due to customizations or specific configurations, such as the filtering levels. So, if you have any doubts about security reports that may affect your store, you can contact us for information or for an assessment of your installation.

Comersus Open Technologies


Comersus Open Technologies LC 2010