Some problems with Advanced WebShop 0.9 (possible vulnerabilities and config)
Hello,
I'm using Savoy's Advanced Webshop 0.9, modified more than 4 or 5 years ago, and have never had anything similar to what happened to me yesterday with a user (explained below). I also want to add some features, and that gives me some problems; surely someone with a little knowledge can help me.
1- First problem of a possible vulnerability:
Yesterday I found a user buying more than 70 of a sword that is not even normally available in the webshop, at intervals of just 10 seconds. I really don't know how he did it, because the webshop I was using I got from this forum, I think, and it was edited by someone else, with some protections like "Anti-Inject-Base64", "Anti-Inject-Base64PHP", "ctracker", "sql_inject"...
But maybe this user could have edited cookies or something similar? I have some idea of that and it is the only thing that comes to mind. In that case, what can I do to avoid this or some other type of hack against this webshop system?
2- How can I add Seed Spheres to the webshop?
The problem is that apparently, when adding items with a very high ID (such as Seed Spheres in this case, with ID 100 - 130), it doesn't take the real value that I put in, and when I buy it, other items appear.
I have already added a thousand different items, but with this one I cannot. Maybe it's a configuration problem, where it supports up to a maximum ID number or something similar...
Thanks so much!
Re: Some problems with Advanced WebShop 0.9 (possible vulnerabilities and config)
You'd better use DMN webshop and don't waste time trying to protect that old webshop
google search
Re: Some problems with Advanced WebShop 0.9 (possible vulnerabilities and config)
I tried to use it and didn't like it; it is encrypted and difficult to modify... And decrypted versions work very badly.
About the possible "vulnerability"... I only need to know what the vulnerability is to fix it. Could it be done with Tamper Data or the like to modify cookies?
Re: Some problems with Advanced WebShop 0.9 (possible vulnerabilities and config)
Can anybody help me? I can pay for these fixes if anyone is interested.
Re: Some problems with Advanced WebShop 0.9 (possible vulnerabilities and config)
Hello,
Sorry for the double post, but I was already able to fix the first problem. It was only a bug with "categories" in the webshop: if you buy without enough credits, you can buy and it doesn't deduct any credits.
--
Now I only need to fix the second problem. Is there any way to see the ID and INDEX of the items that are in my vault without programs like MuMaker?
I could use that to guide me and keep trying different numbers until the webshop puts the "Spheres" in the vault properly. But the "warehouse" table shows binary data and I don't know how to translate it to see the ID and Index...
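
The bug reported as fixed in the last post (a purchase going through without enough credits and without deducting any) is avoided when the catalogue lookup and the credit deduction both happen server-side in one transaction. The following is an added sketch, not code from Advanced WebShop or from any poster: it uses Python with an in-memory SQLite database as a stand-in, and the table and column names, the `buy` function and the sample rows are all hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema names are hypothetical, not the webshop's.
    db = sqlite3.connect(":memory:", isolation_level=None)  # manual transactions
    db.executescript("""
        CREATE TABLE accounts (login TEXT PRIMARY KEY, credits INTEGER NOT NULL);
        CREATE TABLE shop_items (item_id INTEGER PRIMARY KEY,
                                 price INTEGER NOT NULL, enabled INTEGER NOT NULL);
        CREATE TABLE purchases (login TEXT, item_id INTEGER, price INTEGER);
        INSERT INTO accounts VALUES ('alice', 150);
        INSERT INTO shop_items VALUES (1, 100, 1), (2, 500, 0);
    """)
    return db

def buy(db, login, item_id):
    """Return 'ok' or a refusal reason. `login` must come from the server-side
    session; the price is never read from the request, a cookie or a form field."""
    try:
        item_id = int(item_id)  # request parameters arrive as strings
    except (TypeError, ValueError):
        return "bad_item"
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading the balance
    try:
        row = db.execute(
            "SELECT price FROM shop_items WHERE item_id = ? AND enabled = 1",
            (item_id,)).fetchone()
        if row is None:  # item is not in the catalogue or is disabled
            result = "not_for_sale"
        else:
            price = row[0]
            # Conditional debit: the row changes only if the balance covers the price.
            cur = db.execute(
                "UPDATE accounts SET credits = credits - ? "
                "WHERE login = ? AND credits >= ?", (price, login, price))
            result = "ok" if cur.rowcount == 1 else "insufficient_credits"
        if result != "ok":
            db.execute("ROLLBACK")
            return result
        # The item is recorded only after the debit succeeded, in the same transaction.
        db.execute("INSERT INTO purchases VALUES (?, ?, ?)", (login, item_id, price))
        db.execute("COMMIT")
        return "ok"
    except Exception:
        db.execute("ROLLBACK")
        raise
```

With the debit written as a conditional `UPDATE`, repeated requests a few seconds apart cannot take the balance below zero, and an item ID that is not an enabled catalogue row is refused before any credits are touched.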