quick and easy ecommerce

[mresell]

That's good to know.

[generic]

yes latest version of candy press on a windows box.

[creativechaos]

anyone tried VPASP? http://www.vpasp.com

They have a free version which works quite well and is completely open souce ASP

[generic]

I used them several years ago when they first started up, I became rather good at customising it and was a reseller.
No here is why I left:
I , spent a lot of $$ on their product, then on the upgrades, and when they had a verson change (exactly 13 months month outside of their 12 month window for free upgrades), they expected me to shell out another fee.
I sent them a request for the upgrade explaining my long history and my month outside the upgrade (when they caused the delay for the release) and even though I had been a loyal follower, paying over double the original cost, they told me i am out of luck. Just keep this in mind when you buy their product, you will be paying a lot more $$ in the future to keep current.
I DONT mind paying for a product, I DO mind someone trying to get rich off me on upgrades etc.
I decided to go to oscommerce and candy press.
Never looked back...
They have been havng a few serious security issues that required immediate patches, so keep that in mind too.

Quote:

Do I get a free upgrade to VP-ASP 6.00 or 5.50?
Upgrades are free for one year from the original date of purchase of the VP-ASP Shopping Cart. We provide a self service upgrade facility and so it is your choice on when or if to upgrade.
How a much will VP-ASP upgrade cost?
If you purchased VP-ASP more than a year at the time you decide to upgrade, there will be a fee. This fee pays for the many years of design, coding, testing and documenting the new features and facilities you will be receiving.
Upgrade to VP-ASP Value Pac $99.00
Upgrade to VP-ASP Plus! Pac $149.00
Upgrade to VP-ASP Deluxe Pac $199.00

so you can buy a full versoin, and if an upgrade comes out 13 months later, you will pay an additional $199 to get it, complete BS.

Quote:

I just paid for an upgrade why do I have to pay again?
Each release has many new facilities. It is up to you to decide if you need them.
The development of each new software release takes many person years. We believe the small fee we charge for upgrades is a reasonable amount for the development effort we have put into this work.

[generic]

see vpasp users.. here you go again.....


TITLE:
VP-ASP SQL Injection

CRITICAL:
Highly critical

IMPACT:
Manipulation of data, Deletion of data

WHERE:
From remote

SOFTWARE:
VP-ASP 3.5
VP-ASP 4.x
VP-ASP 5.x
VP-ASP 6.x

DESCRIPTION:
A new vulnerability in VP-ASP software has emerged, which can be exploited by malicious people to conduct SQL injection attacks.

1) Input passed to the "stremail" and "strlastname" parameter in shopmailpwd.asp is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:

1. Open shopmailpwd.asp

2. Locate the following line:

templastname=replace(strlastname,"'","''")

3. Change to:

templastname=replace(strlastname,"'","''")
templastname=cleanchars(templastname)

4. Locate the following line:

tempemail=replace(stremail,"'","''")

5. Change to:

tempemail=replace(stremail,"'","''")
tempemail=cleanchars(tempemail)


PLEASE NOTE: These last two steps may vary slightly in older versions - tempemail may not exist, in which case you will need to make the following changes.

Locate:

templastname=replace(strlastname,"'","''")
templastname=cleanchars(templastname)

Add this below:

dim tempemail
tempemail=replace(stremail,"'","''")
tempemail=cleanchars(tempemail)



Locate:

sql = sql & " and " & " email='" & stremail & "'"

Change to:

sql = sql & " and " & " email='" & tempemail & "'"


6. Open shop$db.asp

7. Do a search for the following:

function CleanChars(strWords)

8. If the function is not found, paste this at the bottom of shop$db.asp (above the %> tag):

function CleanChars(strWords)
dim badChars,i
dim newChars

newchars=strwords

if len(Strwords)<15 then
cleanChars = newChars
exit function
end if

badChars = array("select", "drop", ";", "--", "insert", "delete", "xp_","union","char","@@")
newChars = strWords

for i = 0 to uBound(badChars)
if instr(1,newchars,badchars(i),1)>0 then
newchars=""
cleanchars=newchars
exit function
end if
next

newchars=replace(newchars,"'","''")
cleanChars = newChars
end function

9. Save shopmailpwd.asp and shop$db.asp.

10. Back up the existing copies of shopmailpwd.asp and shop$db.asp on your server

11. Upload the new copies of shopmailpwd.asp and shop$db.asp to your server

[generic]

anyone try oscommerce on windows yet?

[jetzkr8]

I think a better alternative is Joomla + Virtuemart, both open-source and many features out of the installation process itself. Certainly good for the first timer with small web presence.

[bsdrocks]

Talking about VPASP, I have 2 licenses , 1 VPASP 5.0 Deluxe and 1 VPASP 5.5 lite that I want to sell. If anyone's interested PM.