abirchall Posted May 10, 2007

Hi, I'm running 2.2-MS2 and had installed a HackerGuardian logo on the website a few weeks back. Over the last week I've received a failure in the tests quoting the website was vulnerable to BLIND SQL injection. I've read previous posts, specifically http://www.oscommerce.com/forums/index.php?showtopic=254708. Previous references on the forum/fixes seem to deal with country and zone codes and I checked to ensure my code for these was the most recent and correct. However, HackerGuardian said the vulnerability is coming from the specials.php page, e.g.

/specials.php?-=&listall=1+AND+1=1

I did make a slight change to my classes/split_page_results.php a while back to allow users to show all products...

    if (isset($HTTP_GET_VARS['listall'])) {
      if ($HTTP_GET_VARS['listall'] == 1) {
        $max_rows = 10000;
      }
    }

I can obviously do a check to see if listall above is_numeric and catch such strings as 'listall=1+AND+1=1'. My question is how should the code react if 'listall=1+AND+1=1' is passed in? I can't see any difference in what is returned from the below, and this is the most recent version of osCommerce which is presumably not vulnerable:

http://demo.oscommerce.com/product_info.php?products_id=1
http://demo.oscommerce.com/product_info.ph...ts_id=1+AND+1=1

Many thanks in advance,
A
Guest Posted May 10, 2007

Make sure whatever parameters have to do with database access are properly processed through the tep_db_prepare_input and tep_db_input functions. If you know the parameter is of type integer you can add a straight (int) cast. You can also apply some filtering if you're concerned with the parameters propagating: http://www.oscommerce.com/community/contributions,3656

But in general you need to validate the GET parameters, forms etc. properly. And that is dependent on what custom scripts you have.
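The integer-cast advice above, applied to the listall change from the first post. This is an added example, not osCommerce's own code or the poster's; the helper name tep_get_int_param() and the default page size of 20 are assumptions.

```php
<?php
// Added example (not osCommerce code): hardened handling of the custom
// 'listall' parameter from classes/split_page_results.php.
// tep_get_int_param() is a hypothetical helper, not part of osCommerce.
// $_GET is used; 2.2-MS2 code reads the same array as $HTTP_GET_VARS.

// Return a GET parameter as a bounded integer, or $default when it is
// absent, not a plain decimal number, or out of range. The value
// '1 AND 1=1' fails ctype_digit() and is replaced by the default, so only
// an integer can ever be concatenated into a LIMIT clause.
function tep_get_int_param($name, $default, $min = 0, $max = PHP_INT_MAX) {
  if (!isset($_GET[$name]) || !ctype_digit((string)$_GET[$name])) {
    return $default;
  }
  $value = (int)$_GET[$name];
  return ($value < $min || $value > $max) ? $default : $value;
}

// Original pattern for comparison (commented out):
//   if ($HTTP_GET_VARS['listall'] == 1) { $max_rows = 10000; }
// On PHP 5 the loose comparison treats the leading-numeric string
// '1 AND 1=1' as 1, so listall=1 and listall=1 AND 1=1 produce identical
// pages, which is what a scanner reports as "blind" injection. The snippet
// itself only assigns a constant; the real exposure is any parameter that
// reaches SQL without a cast or tep_db_input().

// Hardened: the only possible outcomes are the default size or 10000.
$max_display_search_results = 20;   // assumed default page size
$max_rows = $max_display_search_results;
if (tep_get_int_param('listall', 0, 0, 1) === 1) {
  $max_rows = 10000;
}

// Page/offset values that are concatenated into SQL get the same treatment;
// the (int) casts at the point of use are the last line of defence.
$page   = tep_get_int_param('page', 1, 1);
$offset = ($page - 1) * $max_rows;
$sql_limit = ' LIMIT ' . (int)$offset . ', ' . (int)$max_rows;

// String parameters that cannot be cast still go through the osCommerce
// functions the reply names before they touch a query:
//   $keyword = tep_db_input(tep_db_prepare_input($_GET['keywords']));
```

With this in place, listall=1+AND+1=1 is treated exactly like a missing listall parameter, so the page renders the normal paginated view instead of silently accepting the tail of the string.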
designcraft Posted June 4, 2009

I need to fix the possible blind SQL injection for my product_info.php pages. I installed Security Pro a long time ago and everything was fine then. What happened? Can anyone help me figure this out? Thanks!! I have been looking for possibilities but I did the security code already.
Guest Posted June 5, 2009

What exactly is supposed to happen when /specials.php?-=&listall=1+AND+1=1 is executed?
spooks Posted June 5, 2009

http://www.oscommerce.com/forums/index.php?showtopic=313323

Sam

Remember, what you think I ment may not be what I thought I ment when I said it.
Contributions: Auto Backup your Database, Easy way; Multi Images with Fancy Pop-ups, Easy way; Products in columns with multi buy etc etc; Disable any Category or Product, Easy way; Secure & Improve your account pages et al.
Guest Posted June 29, 2009

What does that topic have to do with anything? I only inquired what the result of that particular command would be.