osCommerce

HELP Please!!!!!! Vulnerable Blind SQL injection problem


staradmire

I got a notice that it is possible my site's advanced search page is vulnerable to blind SQL injection. The notice suggested that an attacker may exploit this flaw to bypass authentication or to take control of the remote database.

Solution: Modify the relevant CGIs so that they properly escape arguments.

I have removed the advanced search off of my site temporarily. How do I fix this? I have had this search on my site for a few months now. My HackerGuardian found this last night.

Can anyone help please? I cannot have my site without a search. Thank you.


Are you using the latest osc version?

I am using 2.2 MS2 (051113). It says there is an update to Upgrade to 2.2 MS2 (060817).

It says to use the link if I have no modifications. I have a few of them and did not want the store to be overwritten. There are no instructions on how to update a modified site.

I have been fine and then just last night it came up with this. I have had HackerGuardian for a couple of months as well.

Archived

This topic is now archived and is closed to further replies.
