More details can be found at: http://seclists.org/fulldisclosure/2011/Feb/358
Patch instructions for ECB shop versions <= 1.0.9:
File /inc/xtc_validate_email.inc.php:
This code:
```php
// before the patch: no check for embedded NUL bytes
function xtc_validate_email($email) {
$valid_address = true;
```
```php
// after the patch: reject any address containing a NUL byte before validating it
function xtc_validate_email($email) {
if (strpos($email,"\0")!==false) {return false;}
$valid_address = true;
```
This code:
```php
// before the patch: the e-mail address is concatenated into the UPDATE unescaped
xtc_db_query("update ".TABLE_CUSTOMERS." set customers_password = '".$crypted_password."' where customers_email_address = '".$check_customer['customers_email_address']."'");
```
```php
// after the patch: the address is passed through xtc_db_input() (the shop's escaping helper) first
xtc_db_query("update ".TABLE_CUSTOMERS." set customers_password = '".$crypted_password."' where customers_email_address = '".xtc_db_input($check_customer['customers_email_address'])."'");
```
Ciao,
Mike
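The two fixes above (reject NUL bytes before validating, and never concatenate the address into the SQL string) can also be expressed with a bound parameter instead of an escaping helper. The following is an added example, not code from the forum post or from the ECB shop code base; it assumes PDO with the SQLite driver, an in-memory table with the same two column names as the shop's `customers` table, and constructed sample rows and addresses.

```php
<?php
// Added example (not part of the original post or the ECB shop code).
// Shows the same two defences against an in-memory SQLite database via PDO.

// Reject NUL bytes first: a "\0" can terminate the string early in
// C-based regex engines and database client libraries, so a value that
// looks valid to the validator may not be the value the query receives.
function validate_email(string $email): bool {
    if (strpos($email, "\0") !== false) {
        return false;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Password update with a bound parameter: the address is compared
// literally by the database and can never alter the WHERE clause.
function update_password(PDO $db, string $email, string $hash): int {
    $stmt = $db->prepare(
        'UPDATE customers SET customers_password = :pw WHERE customers_email_address = :email'
    );
    $stmt->execute([':pw' => $hash, ':email' => $email]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (customers_email_address TEXT, customers_password TEXT)');
// constructed sample customers
$db->exec("INSERT INTO customers VALUES ('alice@example.com', 'old1'), ('bob@example.com', 'old2')");

$hash = password_hash('new-secret', PASSWORD_DEFAULT);

// constructed inputs: a normal address, a legitimate address containing an
// apostrophe, one that is not a valid address at all, and one carrying a NUL byte
$inputs = [
    "alice@example.com",
    "o'neil@example.com",
    "x' OR '1'='1",
    "alice@example.com\0junk",
];

foreach ($inputs as $email) {
    $shown = addcslashes($email, "\0..\37");
    if (!validate_email($email)) {
        echo "rejected by validator: $shown\n";
        continue;
    }
    $rows = update_password($db, $email, $hash);
    echo "updated $rows row(s) for $shown\n";
}
```

The apostrophe address is the instructive case: it passes validation, so escaping or binding is the only thing standing between it and the SQL string. With the bound parameter it simply matches zero rows; with the unpatched concatenation it would have produced a malformed or altered statement.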