VARUNISAC

Security Alert: Possible Cross-Site Request Forgery (CSRF)


Security Alert: Possible Cross-Site Request Forgery (CSRF)

Error on my PHP version 7.0.33 CubeCart site.

It occurs when we get to the main page after cancelling an order from a CCAvenue gateway. Please help.

Edited by VARUNISAC


Welcome VARUNISAC! Glad to see you made it to the forums.

CubeCart uses a security token for every HTML form that is part of a web page. When submitting the form's data back to CubeCart, the security token is included in that data and is checked against what CubeCart last used and expects it to be. If different, or missing, CubeCart includes this alert on the next page sent to the browser.

For the CCAvenue gateway to not include this security token when the visitor chooses not to complete a CCAvenue transaction will need to be looked at.

However, a different or missing token when submitting a form will also regularly happen when the visitor moves back through the page history using the browser's Back button, and also when the visitor opens more than one CubeCart page in separate tabs or windows, then submits a form after having submitted a prior form. (The security token changes after every form submission.)

In cancelling an order, is this simply abandoning the visit to CCAvenue's web portal and returning to your store's home page? Or was the sequence of page requests other than that?

Edited by bsmither
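
The token behaviour described in the reply above, as an added example that is not part of either post and is not CubeCart's own code: a small model of a form token that is replaced after every submission, run through the normal flow, the Back-button case, the two-tab case and a return with no token. The class name `RotatingFormToken`, its methods and the "external return" case are assumptions made for illustration.

```php
<?php
// Model of a form token that is checked and then replaced on every submission.
// RotatingFormToken and its methods are hypothetical names, not CubeCart code.
final class RotatingFormToken
{
    private $current;

    public function __construct()
    {
        $this->rotate();
    }

    // Value placed in a hidden field of every form rendered for this session.
    public function render(): string
    {
        return $this->current;
    }

    // Compare the submitted value with the expected one, then rotate.
    public function verify($submitted): bool
    {
        $ok = is_string($submitted) && hash_equals($this->current, $submitted);
        $this->rotate(); // the token changes after every form submission
        return $ok;
    }

    private function rotate()
    {
        $this->current = bin2hex(random_bytes(16));
    }
}

function report(string $case, bool $ok)
{
    printf("%-28s %s\n", $case, $ok ? 'accepted' : 'CSRF alert');
}

$session = new RotatingFormToken();
$page = $session->render();                        // form rendered once
report('first submit', $session->verify($page));
report('Back button, resubmit', $session->verify($page)); // cached page, old token
$tabA = $session->render();                        // two tabs opened before any submit
$tabB = $session->render();
report('tab A submit', $session->verify($tabA));
report('tab B submit', $session->verify($tabB));
// Constructed case: a POST arriving from an external site with no token field.
report('external return, no token', $session->verify(null));
```

Only the submissions that carry the value the session currently expects are accepted; every other case produces the alert without any forged request being involved.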
