Monday, December 29, 2008

CF Shopkart Exploit Fix

It has come to my attention that a hacker could use a blind SQL injection in order to cause problems on a website running CFShopkart.

When viewing categories in the shopping cart, the hacker could append something to the URL variable category=1 to cause problems on your site.

I will have a fix for this along with some other updates in the next release, but here is a simple fix to the potential security risk:

Open the following files:

/catalog/Categories_HTML.cfm
/catalog/Categories_HTMLTree.cfm
/catalog/Categories_Image.cfm
/catalog/FormCategories.cfm

At or near the top make sure you have the following line:

<cfparam name="category" default="0" type="integer">

If the line is already there, make sure you add type="integer" to it. This is a quick and simple fix, and should prevent this type of attack. From my understanding, those using the MS Access DB are particularly vulnerable to this type of attack.
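
The following is an added example, not code from CFShopkart or from the original post. It shows the cfparam check with the validation failure handled explicitly, followed by a query that binds the value with cfqueryparam as a second layer. The query name, table and column names, and the application.dsn variable are hypothetical.

```cfml
<!--- Added example: names marked "hypothetical" are not from CFShopkart. --->

<!--- 1. Validate the incoming value. If category is present but is not an
         integer (for example, it has SQL text appended to it), cfparam
         throws and the request is rejected before any query runs. --->
<cftry>
    <cfparam name="category" default="0" type="integer">
    <cfcatch type="any">
        <!--- Reject the request instead of showing the default error page,
              which could reveal details about the query. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- 2. Bind the value rather than concatenating it into the SQL string.
         cfqueryparam sends it to the driver as a typed parameter, so it is
         never parsed as SQL even if a validation step is missed elsewhere. --->
<cfquery name="getCategoryItems" datasource="#application.dsn#"> <!--- hypothetical query name and DSN variable --->
    SELECT ItemID, ProductName            <!--- hypothetical columns --->
    FROM   Products                       <!--- hypothetical table --->
    WHERE  Category = <cfqueryparam value="#category#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput query="getCategoryItems">
    #HTMLEditFormat(ProductName)#<br>
</cfoutput>
```

The same pattern applies to any other numeric URL or form variable that ends up inside a cfquery.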