staradmire Posted March 14, 2007

I got a notice that it is possible my site's advanced search page is vulnerable to blind SQL injection. The notice suggested that:

> An attacker may exploit this flaws to bypass authentication or to take the control of the remote database. Solution : Modify the relevant CGIs so that they properly escape arguments

I have removed the advanced search off of my site temporarily. How do I fix this? I have had this search on my site for a few months now. My hackerguardian found this last night. Can anyone help please? I cannot have my site without a search. Thank you.

Guest Posted March 14, 2007

Are you using the latest osc version?

staradmire Posted March 14, 2007 (Author)

> Are you using the latest osc version?

I am using 2.2 MS2 (051113). It says there is an update to Upgrade to 2.2 MS2 (060817). It says to use the link if I have no modifications. I have a few of them and did not want the store to be overwritten. There are no instructions on how to update a modified site. I have been fine and then just last night it came up with this. I have had hackerguardian for a couple of months as well.

Guest Posted March 14, 2007

There are manual instructions. Look into the update-20060817.txt file that comes with the archive.

staradmire Posted March 14, 2007 (Author)

> There are manual instructions. Look into the update-20060817.txt file that comes with the archive.

Is that going to take care of the vulnerable blind SQL injection problem?

Guest Posted March 14, 2007

Should take care of the latest bugs reported, and there are some fixes that affect the entire store against XSS.

Archived
This topic is now archived and is closed to further replies.