Jump to content

Allgemeine Diskussionen

xt:Commerce Community Forum

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Sign Up

Search In

Everywhere
Topics
This Forum
This Topic
More options...

Find results that contain...

Any of my search term words
All of my search term words

Find results in...

Content titles and body
Content titles only

Sichheitsl?cken im Code

By danielw,
July 11, 2006 in Allgemeine Diskussionen

Recommended Posts

danielw

Posted July 11, 2006

- Report
- Share

Posted July 11, 2006

Ich finde es bedenklich, da? ich im Quelltext von xt:Commerce Angriffsm?glichkeiten gegen SQL Injection finden konnte.

Beispiel gef?llig?

$oder_total_query=xtc_db_query("SELECT

title,

text,

class,

value,

sort_order

FROM ".TABLE_ORDERS_TOTAL."

WHERE orders_id='".$_GET['oID']."'

ORDER BY sort_order ASC");

Entwicklerteam: W?re es m?glich wenigstens Metazeichen Escaping einzubauen?

Link to comment

Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

Please enable JavaScript

xt-commerce.com requires JavaScript (and a modern browser) to run. We recommend the latest version of Chrome, Safari, Firefox or Internet Explorer. Please enable JavaScript and refresh this page.

Learn how

×

Create New...

Sign In