The checker is an HTML file that lets you enter the URL for your cart and the directory you installed it in, then offers links you can click to see whether the server has been properly configured to protect the files.
This tool is valuable for the following:
- Engineering, security, and QA - to ensure the application was properly installed and protected
- eCommerce site owners - to check the work of your web development company
- Credit card gateway companies - to check the security of the application installed for requesting clients
- Security - to identify risk areas for applications
- Hosting companies - to check client accounts after security problems
You do not have to install it on a server; you can run it from the desktop. It does not require any server access beyond the browser. No passwords, no database access, no FTP, no SSH. It doesn’t use AJAX, it won’t log into your cart. It won’t analyze the results.
It is a very simple, free tool that runs under IE.
If you would like a copy, you must either have a live cart running, or be part of a web development company. Use an email with the domain name of the cart, or your web dev company, and I will send you the HTML - in a text file. Requests can be made through the contact form on this blog.
Please don’t use gmail, hotmail, yahoo or other free accounts. You will not receive any response.
The reason the page isn’t posted for public access is that it would make it very easy for people to quickly check a cart’s vulnerabilities. Limiting the distribution is for security. This is not an attempt to collect email addresses or domains that are running X-Cart. I know how to find carts.