The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

Potential redirect security issue?

flinx777flinx777 Member
in Help edited January 2015
I just got a response back from a client using Foxycart and not sure how to answer their question. Thoughts?

"We went through a PCI questionnaire with our IT guy yesterday and came across a potential vulnerability in the ecommerce of our site. He brought up the concern that a hacker could redirect the link that currently exists from the cart to FoxyCart – that a hacker could step in the middle of this transfer and redirect traffic to their own checkout page."
  • brettbrett FoxyCart Team
    It's a good question, but I don't think there's a good answer. Similar questions for thought experiments:

    * What if you're using Amazon or PayPal buttons and the site is hacked, and those buttons redirect to phishing sites?
    * What if you don't do ecommerce at all, but your site is compromised and malicious "buy now" buttons are inserted?
    * What if your site is hacked and (just for funsies) an attacker sets up an unencrypted order form that emails you raw credit card numbers and security codes?

    If the site's compromised, all bets are off. It is a good question, and I'll check with our QSAs to see if they have an opinion we can share. But it seems like "not entirely a PCI issue," as the problems remain even if you aren't even doing ecommerce to begin with.
Sign In or Register to comment.