Third party shopping cart
Posted: Tue Jun 20, 2006 4:22 am
The company where I work was using this when I arrived, instead of collecting credit card numbers themselves.
http://www.mals-e.com/
I've been wondering how secure it is, and I may have found a vulnerability but I'm not sure. The way we use it is one of our websites submits a form to this URL: http://www.aitsafe.com/cf/pay.cfm and then they collect the billing details. Thing is, the first page doesn't check if there's HTML in any of your details before printing to the screen. Example:
(you will need to get your own userid to replace XXXXXX, it is free though)
Is this actually a security risk to our customers or am I being paranoid?