
xt:Commerce possible DoS



Hello,

I've found a suspicious behavior of the xt:Commerce shop software (only verified in their demo shop).

When entering "<>>" as a search query in the Quick Purchase field at the left side of the shop, I get:

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 8388611 bytes) in /is/htdocs/wp1052946_X4Y7B4PF21/www/includes/classes/class.inputfilter.php on line 136

This looks very much like a problem in the input filter that causes too much memory to be allocated (and that could of course be used for DoS).

Unfortunately, the source code is not available freely, so I cannot investigate this further. If anyone has the source code available, feel free to check out the specific region in the input filter.

I informed the company but they closed my ticket without any response, and even after I reopened it, there hasn't been any feedback for almost 2 weeks now.

Best regards,

Christian Holler
