  1. #111
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Re: PHP inside ezpages

    Quote Originally Posted by kehrli View Post
    Ok, thanks. I guess if they have admin access, you're pretty well ****ed already. I'm not sure this would make it much worse.
    Oh but it can.

    Firstly, contrary to popular belief, most business fraud involves a trusted insider, who may not otherwise have access to your code.

    Secondly, if somebody wants to trash your site, sure, access to the admin would allow them to pretty much do that. But for what benefit? You'd simply restore it from your backup, and move on. A bit painful, yes - but what's the hacker got out of it? After all you're not storing credit card details or anything that could give them a financial benefit on your site. On the other hand, if they can access the code base, even if only indirectly through the admin, that could be used to quietly divert payments, something which you may not notice for a while, or at all until you start to get complaints about unfulfilled orders some time later - a more lucrative form of attack that has been reported in the past in this forum.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)
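
Added example, not part of the original thread or of Zen Cart: a defender-side audit for the risk raised in the post above, that admin-editable EZ-Page content becomes executable code once PHP is allowed inside it. It scans exported page bodies for PHP tags; the row layout `(page_id, title, html_text)`, the function names and the sample rows are assumptions constructed for illustration.

```python
import html
import re

# Constructs that turn stored page content into code once a
# "PHP inside EZ-Pages" style modification evaluates it.
PHP_MARKERS = [
    ("php-open-tag", re.compile(r"<\?php\b", re.I)),
    ("php-echo-tag", re.compile(r"<\?=")),
    # Bare short tag; <?xml declarations are not PHP and are skipped.
    ("php-short-tag", re.compile(r"<\?(?!php\b|=|xml\b)", re.I)),
    ("php-script-tag", re.compile(r"<script[^>]*\blanguage\s*=\s*[\"']?php", re.I)),
]

def normalise(text):
    """Undo HTML entity encoding (editors may store &lt;?php), up to 3 layers."""
    for _ in range(3):
        decoded = html.unescape(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_php(text):
    """Return the sorted marker names present in one page body."""
    body = normalise(text)
    return sorted(name for name, rx in PHP_MARKERS if rx.search(body))

def audit_pages(rows):
    """rows: iterable of (page_id, title, html_text) -> {page_id: [markers]}."""
    flagged = {}
    for page_id, _title, html_text in rows:
        hits = find_php(html_text or "")  # tolerate NULL/empty bodies
        if hits:
            flagged[page_id] = hits  # flagged for human review, not proof of abuse
    return flagged

# Constructed sample rows (hypothetical export of EZ-Page content).
SAMPLE_ROWS = [
    (1, "Shipping", "<p>We ship worldwide.</p>"),
    (2, "Sitemap", '<?xml version="1.0"?><urlset></urlset>'),
    (3, "Stock", "<p>In stock: <?php echo $count; ?></p>"),
    (4, "Promo", "<p>&lt;?= $banner ?&gt;</p>"),
    (5, "Legacy", "<? include 'x.php'; ?>"),
    (6, "Empty", None),
]

if __name__ == "__main__":
    for pid, hits in audit_pages(SAMPLE_ROWS).items():
        print(pid, hits)
```

Comparing the flagged page ids against the pages that are supposed to contain PHP, on a schedule, is what surfaces a quiet change of the kind described above.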

  2. #112
    Join Date
    Jan 2007
    Location
    Los Angeles, California, United States
    Posts
    10,023
    Plugin Contributions
    32

    Default Re: PHP inside ezpages

    Quote Originally Posted by kuroi View Post
    Oh but it can.

    Firstly, contrary to popular belief, most business fraud involves a trusted insider, who may not otherwise have access to your code.

    Secondly, if somebody wants to trash your site, sure, access to the admin would allow them to pretty much do that. But for what benefit? You'd simply restore it from your backup, and move on. A bit painful, yes - but what's the hacker got out of it? After all you're not storing credit card details or anything that could give them a financial benefit on your site. On the other hand, if they can access the code base, even if only indirectly through the admin, that could be used to quietly divert payments, something which you may not notice for a while, or at all until you start to get complaints about unfulfilled orders some time later - a more lucrative form of attack that has been reported in the past in this forum.
    Happened to two of my clients who decided to "wait" to get upgraded..
    My Site - Zen Cart & WordPress integration specialist
    I don't answer support questions via PM. Post add-on support questions in the support thread. The question & the answer will benefit others with similar issues.

  3. #113
    Join Date
    Mar 2007
    Location
    sunny Florida, USA
    Posts
    81
    Plugin Contributions
    0

    Default Re: PHP inside ezpages

    Ajeh,

    In '06 you mentioned that there was something coming 'down the pike' to allow php code execution inside an ez-page. Has that happened, and if so, how might I find it? Also, if not, is it your understanding that the answer described in the 1st msg in this thread would allow for a single block of php, or should one be able to have a mix of html and php within a php page?

    Thanks in advance.
    -Ray
    ++++++++++++++++
    Subtle as the 'b' in subtle.

  4. #114
    Join Date
    Mar 2007
    Location
    sunny Florida, USA
    Posts
    81
    Plugin Contributions
    0

    Default Re: PHP inside ezpages

    Quote Originally Posted by BouncerFL View Post
    Ajeh,

    In '06 you mentioned that there was something coming 'down the pike' to allow php code execution inside an ez-page. Has that happened, and if so, how might I find it? Also, if not, is it your understanding that the answer described in the 1st msg in this thread would allow for a single block of php, or should one be able to have a mix of html and php within a php page?

    Thanks in advance.
    -Ray
    Answering my own post (again), it seems that embedded html/php is fine, but any php run needs to be without escapes. I had a bunch of
    Code:
    \"
    in some mixed code and the stripslashes were causing fits. Fix was to replace outer delimiters with single apostrophes and remove all new lines
    Code:
    /n
    Seems to be mostly working now.

    The next thing I've got to tackle is that the query_factory.php is throwing an error (line 98), even though my embedded mysql/php stuff is working. Anyone care to burn some braincells on this? I'm not sure why it's triggering an error.

    I guess a more thorough review of what might trigger is in my near future :)

    Happy Zenning all,
    -Ray
    Last edited by BouncerFL; 29 Nov 2012 at 04:56 PM. Reason: clarity - layout
    ++++++++++++++++
    Subtle as the 'b' in subtle.

Zen-Cart, Internet Selling Services, Klamath Falls, OR