
fishcart.txt
Posted Jan 14, 2004
Authored by Luke Campbell

FishCart versions 3.0 and below suffer from an integer overflow when using PHP2 and receiving an order of a billion or more. Patch available here.

tags | advisory, overflow
SHA-256 | 2946a8743904f2413e9d0cb500b30f4a0b3084aa946a8a95dc72993514a01cc6


FishCart(R) is a popular full-featured multi-language open source
e-commerce system. It is written in PHP4 and works with a variety
of database engines. It has been in production for 6 years and is
in active use in a number of countries. FishCart has developers in
the US and western Europe.

On 8 January 2004, Luke Campbell (l.campbell@m2consultancy.com) of
M2 Consultancy reported an error where very large quantities
ordered, on the order of a billion or more, can cause negative
totals in FishCart. We quickly traced this to an integer overflow
in an arithmetic rounding function written for PHP2, in which
FishCart was originally written in late 1997. This rounding
function has since been in use in all versions of FishCart.

The developers believe there is a simple solution: replace the
previous rnd() function with the one below. After research and
testing we believe this will give accurate multi-national results.

function rnd ($n) {
return round($n,2);
}

The function is found in the included file round.php[3] for FishCart
3.0 or earlier, or in functions.php for the version 3.1 betas.
FishCart version 1.x users will need to modify the function in both
the round.php3 and showcart.php3 files.

Version 3.1, available from http://fishcart.org/, is supplied with
the patch already applied and tested.

The second precision argument to the round() function requires
PHP4. We believe this to be a reasonable choice, as the vast
majority of sites should by now be running on PHP4.

For sites running on PHP3, or for those that do not have immediate
access to the FishCart code, risk can be greatly reduced if a
FishCart site sets a maximum order quantity on each product, or if
inventory checks are enabled per product (unless very high stock
levels are listed). As long as the maximum total currency amount is
less than (2^31)-5, or 2,147,483,643, there will be no integer
overflow in the current rnd() function.

The appropriate maximum order quantity in the product table will
depend on each site, perhaps 1000 or 10000; this could be set per
product or sitewide as makes sense for each installation.
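The following Python is an added illustration, not FishCart's code and not the original rnd() (which this advisory does not reproduce): it emulates the signed 32-bit wrap that a PHP2-era rounding routine would hit, shows that a float-based equivalent of round($n, 2) does not wrap, and implements the quantity-cap and (2^31)-5 total check recommended above. The legacy rounding routine and the sample prices are constructed assumptions.

```python
# Added example (not FishCart's code): emulate the 32-bit overflow the advisory
# describes and apply the mitigation it recommends (quantity cap, safe total).

INT32_MOD = 2 ** 32
SAFE_TOTAL_LIMIT = (2 ** 31) - 5  # 2,147,483,643, the threshold stated above


def wrap_int32(value):
    """Truncate an int to a signed 32-bit int, as a 32-bit PHP build would."""
    value %= INT32_MOD
    return value - INT32_MOD if value >= INT32_MOD // 2 else value


def legacy_style_rnd(n):
    """Hypothetical reconstruction of a PHP2-era two-decimal rounding: the
    whole-currency part passes through a 32-bit int (where it can wrap) and
    the cents are handled separately. This is NOT FishCart's original rnd()."""
    whole = wrap_int32(int(n))
    cents = round((n - int(n)) * 100)
    return whole + cents / 100


def fixed_rnd(n):
    """Float-based equivalent of the advisory's fix, round($n, 2): no wrap."""
    return round(n, 2)


def line_total_ok(unit_price, quantity, max_quantity):
    """Mitigation from the advisory: reject a cart line whose quantity exceeds
    the per-product cap or whose total would reach the overflow threshold."""
    if quantity < 1 or quantity > max_quantity:
        return False
    return unit_price * quantity <= SAFE_TOTAL_LIMIT


if __name__ == "__main__":
    huge = 19.99 * 1_000_000_000  # constructed: a billion units of a 19.99 item
    print("legacy rounding:", legacy_style_rnd(huge))  # wraps negative
    print("fixed rounding: ", fixed_rnd(huge))         # stays positive
    print("line accepted:  ", line_total_ok(19.99, 1_000_000_000, 10000))
```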

Another option is to modify the code in the showcart.php[3] and
modcart.php[3] files to limit the quantity allowed. No specific code
patches can be provided due to the many different versions of FishCart
that have been released.

B. van Ouwerkerk, one of the FishCart developers, has provided a
simple utility script to update all products with a maximum order
quantity. The script is available from the following location.
Rename the script to fcsqlfix.php and upload it to the ./maint
directory under the FishCart installation, then access the file
directly from your browser. A simple form will be presented to
enter the maximum order quantity to which you wish to set all
products. When submitted the form will update the database.
Thanks to B. for responding quickly with this.

http://fishcartdocs.bvanouwerkerk.nl/fcsqlfix.php.txt

Support will be provided via the FishCart support e-mail list,
available for subscription at http://fishcart.org/. One must be
subscribed to send to the list, fishcart@fishcart.org.

We recommend that the appropriate fix for each site be applied
immediately. No known abuses of this bug have been reported.
Merchants should be able to quickly identify and correct any such
abuses, due to the negative totals and the extremely high product
quantities required to cause the overflow.

Michael Brennen
President, FishNet(R), Inc.
For the FishCart Developers
+011 972.669.0041

FishCart is a registered trademark of FishNet(R), Inc.