osCommerce

ScanAlert has found this Vulnerability. Please help


Guest

Hi All

We have just signed up to the ScanAlert Hackersafe program and they have advised we have several instances of a MySQL Database Error Disclosure Vulnerability found in osCommerce.

Here is an example they give.

Path /catalog/product_reviews_write_new.php

Query products_id=5535

osCsid=x%27%3B%22%2C%29%60

They advise:

THE SINGLE BEST WAY TO FIX THIS VULNERABILITY IS TO IDENTIFY THE ACCEPTABLE INPUT FOR EACH FORM PARAMETER AND REJECT INPUT THAT DOES NOT MEET THAT CRITERIA.

Can anybody advise how to plug this hole?

Thanks

Upgrade your store to the latest osc version.

http://www.oscommerce.com/solutions/downloads


  • 3 weeks later...

Hi

Did that, and I am afraid that hasn't sorted the problem.

Should this be noted as a bug that needs fixing?

Cheers


Archived

This topic is now archived and is closed to further replies.
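
ScanAlert's advice in the first post (identify the acceptable input for each parameter and reject anything else), sketched in PHP as an added example; it is not osCommerce code and not written by any poster in this thread. The function names are hypothetical, and the allowed session ID alphabet and length are assumptions based on the IDs PHP's own session generator produces.

```php
<?php
// Added example, not osCommerce code. All function names are hypothetical.

/** Return the session ID if it matches the allowlist, otherwise null. */
function valid_session_id($raw) {
    // Assumption: IDs come from PHP's session generator, which emits only
    // 0-9, a-z, A-Z, "," and "-" (depending on the bits-per-character setting).
    if (!is_string($raw)) {
        return null;                      // e.g. osCsid[]=x arrives as an array
    }
    return preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $raw) === 1 ? $raw : null;
}

/** Return products_id as a positive integer, otherwise null. */
function valid_products_id($raw) {
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;                      // digits only, bounded length
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Return the names of the parameters that fail validation. */
function check_request(array $params) {
    $rejected = array();
    if (isset($params['osCsid']) && valid_session_id($params['osCsid']) === null) {
        $rejected[] = 'osCsid';
    }
    if (!isset($params['products_id'])
        || valid_products_id($params['products_id']) === null) {
        $rejected[] = 'products_id';
    }
    return $rejected;
}

$samples = array(
    // Query string from the ScanAlert report quoted in the first post.
    'products_id=5535&osCsid=x%27%3B%22%2C%29%60',
    // Constructed sample: a well-formed 32-character session ID.
    'products_id=5535&osCsid=0123456789abcdef0123456789abcdef',
);
foreach ($samples as $qs) {
    parse_str($qs, $params);              // URL-decodes the way PHP fills $_GET
    $bad = check_request($params);
    echo $qs, ' => ', $bad ? 'reject (' . implode(', ', $bad) . ')' : 'accept', "\n";
}
```

A rejected osCsid should be discarded and a fresh session started before the value reaches any query or session lookup.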
