[ic] Interchange security releases: 5.7.2, 5.6.2, 5.4.4

Grant emailgrant at gmail.com
Sun Sep 20 18:10:00 UTC 2009


>> I hope replying here is alright.  I'm trying to figure out if I'm
>> vulnerable to this.  I don't use [search-region] or ActionMap at all.
>> Does that exclude me?
>
> No, you are vulnerable if you use a Standard or Foundation based
> catalog.  You are vulnerable if you have a search results page that
> utilizes the Interchange standard search facilities anywhere, even if
> you do not use it.  If you think you might be vulnerable you probably
> are.  If you think you are not vulnerable then you still probably are.
>
> I recommend this update for ... pretty much everyone.
>
>
> Peter

I don't use a Standard or Foundation based catalog, and my search
results pages are completely home-brewed within IC.  None of the raw
search parameters appear in the URL ever.  I do use [loop
search="..."][/loop] within my pages, but I don't know if that counts
as "standard search facilities" and I don't see how that could be
manipulated.

- Grant


