Just wanted to let everyone know that there is a way to block XSS
scripting using mod_security. Just thought you might like to know!
Paul R.
--- In shopzone@yahoogroups.com, "shopzoneforum" <stp@...> wrote:
>
> --- In shopzone@yahoogroups.com, "psrubin" <prubin1@> wrote:
> >
> > Hi Steve and thanks for starting this group. I've recently become aware
> > that shopzone is susceptible to Cross Site Scripting. For example, try
> > this link:
> >
> > http://www.kci2.com/st_main.html?Submit=abc123&catid="><script>alert(document.cookie)</script>
> >
> > I've tried contacting automatedshops.com, however they seem to be in
> > some kind of transition, and not too keen on updating the webc code.
> > Does anyone have any ideas to filter the input/output to prevent this
> > possibility?
> >
>
> Thanks for pointing that out. It doesn't look like anything that
> I'll try to fix! Your comments about the level of support for SZ from
> Automated Shops reinforce what I have experienced. Take a look at
> this link:
>
> http://www.moonslice.com/support/ShopZone/
>
> That makes me a little nervous!
>
> Steve P.
>