[ic] SQL Injection?
jon at endpoint.com
Fri Sep 19 16:36:20 UTC 2014
On Fri, 19 Sep 2014, Bob Puff wrote:
> Looks like I may have another issue. Again, the reference: CentOS 6,
> Perl 5.10.1 (non-threaded), IC 5.8.2. Just ran a PCI scan from
> controlscan.com, and they came back with a mess of SQL Injection vulns.
Thanks for the report, Bob. Most of us running production ecommerce sites
on Interchange created them some years ago and their template and page
code has diverged significantly from the standard demo, so our fixes for
past SQL injections may not have applied to the standard demo.
We welcome any patches you can contribute to fix such problems in the
It is typically easy to fix in ITL code by using:
[filter op=sql interpolate=1]...[/filter]
for plain HTML text.
End Point Corporation
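An added example, not part of the original message and not Interchange code: a Python/sqlite3 model of what passing a request value through `[filter op=sql]` does to a query, and where it stops helping. It assumes the filter works by doubling single quotes; `sql_filter`, the `products` table and all inputs are constructed for illustration.

```python
import sqlite3

def sql_filter(value):
    # Assumed model of the ITL "sql" filter: double every single quote.
    return value.replace("'", "''")

def make_db():
    # Constructed sample data, not from any real catalogue.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT, price INTEGER, inactive INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [("A100", 10, 0), ("B200", 25, 0), ("Z999", 99, 1)])
    return db

def skus(db, sql, params=()):
    return sorted(row[0] for row in db.execute(sql, params))

BASE = "SELECT sku FROM products WHERE inactive = 0 AND "

def by_sku_raw(db, value):
    # Request value pasted straight into a quoted literal.
    return skus(db, BASE + "sku = '%s'" % value)

def by_sku_filtered(db, value):
    # Same query with the value passed through the quote-doubling filter.
    return skus(db, BASE + "sku = '%s'" % sql_filter(value))

def by_price_filtered(db, value):
    # Unquoted numeric context: the filter has no quote to double.
    return skus(db, BASE + "price < %s" % sql_filter(value))

def by_price_checked(db, value):
    # Validate as an integer, then bind it as a parameter.
    if not value.isdigit():
        raise ValueError("price must be digits only")
    return skus(db, BASE + "price < ?", (int(value),))

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"                   # constructed test input
    print(by_sku_raw(db, crafted))             # WHERE clause rewritten by the input
    print(by_sku_filtered(db, crafted))        # input stays one string literal
    print(by_price_filtered(db, "0 OR 1=1"))   # filter alone does not help here
```

Quote doubling only protects values that sit inside a quoted string literal; values used in numeric or other unquoted positions need validation or bound parameters instead.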