Hey, I've been struggling to get my site PCI compliant and they have a couple of issues with what seems to be Zen Cart related. Can someone help me understand these and what I can do about them?
This was the information given to me:
1) Code Injection
Injected into the "products_id" form parameter (Using method GET) on
http://www.XXXXXX.com/products2/inde...7i28ujt5dm862:
14: <meta name="generator"content="shopping cart program
Solution
Ensure that the script properly validates user input before passing it to an interpreter for execution.
2) Missing Secure Flag From SSL Cookie
/products2/index.php
Cookie is not marked as secure: 'zenid=8njmvs57jf62j8h5ftnhcve4m7;path=/products2; httponly;domain=.www.sigproed.com'
URL: https://www.xxxxxx.com/products2/ind...ain_page=login
Solution:
Add the Secure flag to cookies sent over SSL
For each cookie sent over SSL in your web-site, add the "Secure" flag to the cookie. For example:
Set-Cookie: <name>=<value>[; <Max-Age>=<age>]
[; expires=<date>][; domain=<domain_name>]
[; path=<some_path>][; secure][; HttpOnly]
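The second finding can be reproduced offline with a small header audit. This is an added example, not part of the original post or of Zen Cart; the function names and the sample headers (modelled on the scanner output above, with constructed values) are assumptions.

```python
# Added example: audit Set-Cookie header values for the Secure and HttpOnly flags.

def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, attributes)."""
    # Accept a full header line as well as a bare value.
    if header_value.lower().startswith("set-cookie:"):
        header_value = header_value.split(":", 1)[1]
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive ("httponly" == "HttpOnly").
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookies(set_cookie_values, served_over_https=True):
    """Return (cookie_name, issue) pairs for cookies lacking protective flags."""
    findings = []
    for raw in set_cookie_values:
        name, _, attrs = parse_set_cookie(raw)
        if not name:
            continue
        # Without Secure, the browser also sends the cookie over plain HTTP.
        if served_over_https and "secure" not in attrs:
            findings.append((name, "missing Secure"))
        # Without HttpOnly, page scripts can read the cookie.
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly"))
    return findings


# Constructed sample headers: the first mirrors the shape the scanner reported,
# the second is the same cookie with the Secure flag added.
SAMPLE_HEADERS = [
    "zenid=0123456789abcdef;path=/products2; httponly;domain=.www.example.com",
    "Set-Cookie: zenid=0123456789abcdef; path=/products2; secure; HttpOnly",
    "lang=en; Path=/",
]

if __name__ == "__main__":
    for cookie_name, issue in audit_cookies(SAMPLE_HEADERS):
        print(f"{cookie_name}: {issue}")
```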