
  ANTI Cross Site Scripting attacks

The following osCommerce contribution is free open-source code that originated from the official osCommerce website and is provided for your reference only. You may download the original contribution file(s) and install it on your own, or you may request a Paid Installation Service from Agents Of Power. Agents Of Power does an "AS IS" installation on your website; we do not guarantee it will work properly on your website. Extra Paid service is available for repairing problems from the original contribution or from your website.
Hi All,

I found this alternative http://addons.oscommerce.com/info/6546
to this Anti XSS.

This one won't result in people being banned, it just cleanses the HTML PHP scripts, thus rendering the XSS attacks useless

File uploaded is a dummy file
Sorry, please don't use the amended changes or add that script if using rc2a

I've found it's too sensitive and results in non-hackers being banned

file uploaded is dummy file or use with caution
Hi, the following, in adding XSS to the .htaccess file,
resulted in some customers being banned on buy now if turned into forms and if the customer entered an invalid credit card number

find
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]

I'm no expert in this but did ask on expert exchange what was causing the problem and above is what they recommended

and replace with
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).* [NC]

file uploaded says the same thing


Posted on: 03/17/2009
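Why the first pattern caught ordinary shoppers, as an added example that is not part of the original contribution or its posts: it runs both RewriteCond patterns from the page over constructed query strings with Python's re module, using re.IGNORECASE in place of [NC]. The sample query strings and the function names keyword_hit and blocked_by are assumptions made for illustration.

```python
import re

# Both patterns are copied from the RewriteCond lines on the page.
# Apache matches them unanchored; [NC] corresponds to re.IGNORECASE.
PREFIX = r"""(;|'|"|%22).*"""
ORIGINAL = re.compile(
    PREFIX + r"(union|select|insert|drop|update|md5|benchmark|or|and|if).*", re.I)
NARROWED = re.compile(
    PREFIX + r"(union|select|insert|drop|update|md5|benchmark).*", re.I)

# Constructed query strings (not taken from any real shop's logs).
SAMPLES = [
    "action=buy_now&name=O'Connor&products_id=12",  # apostrophe in a surname
    "keywords=men's+brand+shoes",                   # apostrophe in a search
    "note=customer's+updated+address",              # contains "update"
    "keywords=order+and+invoice",                   # keywords but no quote
    "products_id=1'+union+select+x",                # the shape the rule targets
]


def keyword_hit(pattern, query_string):
    """Return the keyword that makes the condition true, or None."""
    m = pattern.search(query_string)
    return m.group(2).lower() if m else None


def blocked_by(query_string):
    """Report which keyword, if any, each pattern trips on."""
    return {
        "original": keyword_hit(ORIGINAL, query_string),
        "narrowed": keyword_hit(NARROWED, query_string),
    }


if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{qs!r:50} {blocked_by(qs)}")
```

Because the keywords are matched as bare substrings, "or" inside "Connor" and "and" inside "brand" satisfy the original condition, and the narrowed pattern still fires on "updated".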