Security Fix to XSS issue to News / Blog Listing pages

Security Fix to XSS issue to News / Blog Listing pages

1a. Open shopnewslistings.asp

1b. Below

Dim template

Add

dim archive, passmonth, passquery
archive = cleanchars(request("archive"))
passmonth = cleanchars(request("month"))
passquery = cleanchars(request.ServerVariables("QUERY_STRING"))

1c. Find and Replace all request("archive") to archive

1d. Find and replace all request("month") to passmonth

1e. Find and replace all request.ServerVariables("QUERY_STRING") to passquery

2a. Open shopblogslistings.asp

2b. Below

Dim template

Add

dim archive, passmonth, passquery
archive = cleanchars(request("archive"))
passmonth = cleanchars(request("month"))
passquery = cleanchars(request.ServerVariables("QUERY_STRING"))

2c. Find and Replace all request("archive") to archive

2d. Find and replace all request("month") to passmonth

2e. Find and replace all request.ServerVariables("QUERY_STRING") to passquery


Times Viewed:
2004
Added By:
Bobby
Date Created:
3/21/2011
Last Updated:
3/24/2011