How to fix exploit in Quick.Cart v2.2 and older

treewood (OpenSolution)

Avatar: treewood

2007-07-19 10:03

User Prometheus send us info that there is exploit for Quick.Cart v2.2 (http://secunia.com/advisories/25513/)
We have solution for that exploit:

Edit config/general.php
Find:

if( isset( $_COOKIE['sLanguage'] ) )

Change to:

if( isset( $_COOKIE['sLanguage'] ) && strlen$_COOKIE['sLanguage'] ) == )

theaxe

Avatar: theaxe

2007-09-22 21:11

Hi,

I just checked the Quick.Cart_v2.2_english.zip in the download area and the security fixes aren't patched yet. Would be nice if the latest versions have the patches in it.

Greetz,

Axel

eauman

No avatar

2007-11-18 21:16

Hi,
I am using 1.4 Fat & wanted to patch any holes but I can't see this code in my config\general.php file ?? Is there anything else I need to do for 1.4 ?

TIA

EauMan

merci

No avatar

2007-11-19 08:38

eauman - this exploit is about languages selection, but in v1.4 there were no languages, so it doesn't concern this version.

eauman

No avatar

2007-11-19 21:31

Thanks for the update

EauMan

Back to top

Over 32 thousand websites based on Quick.Cart and Quick.Cms. See the most interesting ones...

  • Screenshot of website aparperfume.pl
  • Screenshot of website sportowcydzieciom.pl
  • Screenshot of website jezykipodroze.pl
  • Screenshot of website powiat-wieruszowski.pl
  • Screenshot of website 4carriers.com
about us | contact