
osCommerce

The e-commerce.

Website security issue, customer can access someone else's account


sahilsaid


Posted

Hi,

 

Please help me with this security issue.

 

One of my customers emailed me today and said he came to my website today, and he didn't even log on, and when he clicked on my account link he was able to access someone else's account already logged on. He could see all their orders and details. This also happened to me once when I went to make a test on my account page, but I thought this might have just happened and thought it won't happen again.

 

Please help me with this issue and tell me which file needs to be corrected (is it application_top.php).

 

Thanks for your help.

  • 9 months later...
Posted

Was this ever addressed?? I have the same problem also??

 

-KJ

define('PROJECTS', 'Something that goes on forever!');

Posted

Was this ever addressed?? I have the same problem also??

 

-KJ

In your admin set:

 

Prevent Spider Sessions True

Recreate Session True

 

Update your spiders.txt file (link here)

 


Added in edit:

 

The site in your profile has links "spidered" with the session ID attached.

 

That would explain your problem.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >
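
One way to check a web server access log for the condition the reply above describes (links spidered with the session ID attached), as an added example that is not part of the original thread or of osCommerce's own code. It assumes the session ID travels in a query parameter named `osCsid`, that the log uses the combined format, and a short hypothetical list of crawler user-agent substrings; the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

SESSION_PARAM = "osCsid"  # assumption: name of the session ID query parameter
SPIDER_MARKERS = ("googlebot", "bingbot", "slurp")  # assumption: use your spiders.txt entries
LOG_RE = re.compile(  # combined log format: ip, request line, status, size, referer, agent
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_shared_sessions(lines):
    """Return {session_id: [flags]} for IDs a crawler requested or several IPs used."""
    ips_by_sid = defaultdict(set)
    spidered = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        sid = parse_qs(urlsplit(m["url"]).query).get(SESSION_PARAM)
        if not sid:
            continue  # request carried no session ID in the URL
        ips_by_sid[sid[0]].add(m["ip"])
        if any(marker in m["ua"].lower() for marker in SPIDER_MARKERS):
            spidered.add(sid[0])  # a crawler was handed (and may index) this ID
    report = {}
    for sid, ips in ips_by_sid.items():
        flags = []
        if sid in spidered:
            flags.append("spidered")
        if len(ips) > 1:  # heuristic: one ID from several addresses
            flags.append("multiple-clients")
        if flags:
            report[sid] = flags
    return report

# Constructed sample log lines; addresses and session IDs are made up.
_FMT = '{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {url} HTTP/1.1" 200 512 "-" "{ua}"'
SAMPLE_LOG = [_FMT.format(ip=i, url=u, ua=a) for i, u, a in [
    ("192.0.2.10", "/index.php?osCsid=aaaa1111", "Mozilla/5.0"),
    ("198.51.100.7", "/product_info.php?products_id=3&osCsid=aaaa1111", "Googlebot/2.1"),
    ("203.0.113.5", "/account.php?osCsid=aaaa1111", "Mozilla/5.0"),
    ("192.0.2.44", "/index.php?osCsid=bbbb2222", "Mozilla/5.0"),
]]

if __name__ == "__main__":
    for sid, flags in find_shared_sessions(SAMPLE_LOG).items():
        print(sid, ", ".join(flags))
```

A session ID flagged as both spidered and used by multiple clients matches the symptom in the first post: a visitor following an indexed link arrives inside another customer's session.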

Archived

This topic is now archived and is closed to further replies.
