  1. #1

    v1.3.5 Security Alert

    We were informed recently of an XSS exploit in Zen Cart code.

    I would like to thank Armorize Technologies for responding so quickly to clarify the details of the exploit, especially Wayne Huang and Benson Wu of Armorize Technologies.

    You can read more about the exploit and how to patch the files that are vulnerable at

    http://www.zen-cart.com/forum/showth...700#post270700

  2. #2

    Re: v1.3.5 Security Alert

    Zen Cart v1.3.5 XSS PATCH Released Oct 1, 2006
    =================================================
    To combat a reported XSS exploit vulnerability in Zen Cart, simply download the files from the patch ZIP and copy the enclosed /admin files for login.php and password_forgotten.php to your admin folder.

    Remember, if you have renamed your admin folder, you will have to use *that*
    folder name when copying/uploading.


    File can be downloaded here:
    http://sourceforge.net/project/showf...ease_id=444622

    These fixes are NOT included in the main "full-fileset" zip.
    Please apply these fixes AFTER unzipping the main full-fileset zip contents.

    Alternatively, you may wish to apply the edits manually:
    http://www.zen-cart.com/forum/showthread.php?t=47526

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Zen-Cart, Internet Selling Services, Klamath Falls, OR