0
Welcome Guest! Login
0 items Join Now

SOLVED Rokquickcart vulnerability?

  • SOLVED Rokquickcart vulnerability?

    Posted 6 months 1 week ago
    • We are concerned if we use rokquickcart people can inject an arbitrary price and then checkout.

      If someone were to do a google search for inurl:com_rokquickcart they would get a list of indexed sites with rokquickcart installed.

      Then if they click on a site, open up browser's developer tools and change the price to an arbitrary number and click checkout it will checkout using the injected value.

      This occurs because rokquickcart uses unsanitized user input instead of pulling the value from a database table.

      Does anyone know of a way to prevent this?
    • MrT's Avatar
    • MrT
    • Preeminent Rocketeer
    • Posts: 84071
    • Thanks: 10747
    • Web Designer/Developer

    Re: SOLVED Rokquickcart vulnerability?

    Posted 6 months 1 week ago
    • RokQuickcart is a Legacy extension that we no longer support. I recommend that you look at more modern ecommerce extensions available on JED such as Mijoshop and Hikashop.

      Regards, Mark.
    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
  • Re: SOLVED Rokquickcart vulnerability?

    Posted 5 months 1 week ago
    • Thanks Mark!

Time to create page: 0.056 seconds