xt:Commerce possible DoS
Hello,
I've found a suspicious behavior of the xt:Commerce shop software (only
verified in their demo shop).
When entering "<>>" as a search query in the Quick Purchase field at the left
side of the shop, I get:
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate
8388611 bytes) in
/is/htdocs/wp1052946_X4Y7B4PF21/www/includes/classes/class.inputfilter.php on
line 136
This looks very much like a problem in the input filter that causes too much
memory to be allocated (and that could of course be used for DoS)
Unfortunately, the source code is not available freely, so I cannot investigate
this further. If anyone has the source code available, feel free to check out
the specific region in the input filter.
I informed the company but they closed my ticket without any response, and even
after I reopened it, there hasn't been any feedback for almost 2 weeks now.
Best regards,
Christian Holler