spooks
Posted May 2, 2008

There appears to me to be a vulnerability in the search form in OSC2.2 rc1 where it could be used by a malicious attacker to inject sql or code. Can anyone confirm if this is true, or I'm just being paranoid.

Just in case I have added a trap in advanced_search_result.php

Just before:

    if ($error == true) {

Add:

    // trap sql / code injection attempt
    if ((mysql_real_escape_string($keywords) <> $keywords) || (strip_tags($keywords) <> $keywords)) {
      $error = true;
      $messageStack->add_session('search', '', 'none');
      $messageStack->add_session('search', ERROR_INVALID_CHARACTERS);
    }

Cheers :blink:

Sam
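The trap above works by asking "would escaping or tag-stripping change this string?" and treating any difference as an attack. Below is an added example, not code from the thread or from osCommerce, that makes the same policy explicit as an allow-list (so it needs no open MySQL connection, which mysql_real_escape_string() requires and which the removed mysql_* extension no longer provides on PHP 7+) and then runs the search through a prepared statement, so keyword text can never change the SQL even when the trap is disabled. The function names, the PDO wiring and the table layout are assumptions.

```php
<?php
// Added example, not code from the thread or from osCommerce.
// Function names, PDO wiring and table layout are assumptions.

/**
 * True when $keywords contains anything outside letters, digits, space,
 * dot, underscore or hyphen. Quotes, angle brackets, semicolons and SQL
 * comment markers all trip the trap, which is what the thread's check
 * catches; so does a legitimate apostrophe (see the note below the code).
 */
function search_keywords_are_suspicious(string $keywords): bool
{
    return preg_match('/[^A-Za-z0-9 ._-]/', $keywords) === 1;
}

/**
 * Run the keyword search with bound parameters. Even if the trap above is
 * bypassed or switched off, user input reaches MySQL only as data.
 */
function search_products(PDO $pdo, string $keywords, int $limit = 20): array
{
    $terms = preg_split('/\s+/', trim($keywords), -1, PREG_SPLIT_NO_EMPTY);
    if ($terms === []) {
        return [];
    }
    $clauses = [];
    $params  = [];
    foreach ($terms as $i => $term) {
        $clauses[] = "pd.products_name LIKE :kw$i";
        // Escape LIKE wildcards so % and _ typed by the user match literally.
        $params[":kw$i"] = '%' . addcslashes($term, '%_\\') . '%';
    }
    $sql = 'SELECT p.products_id, pd.products_name'
         . ' FROM products p'
         . ' JOIN products_description pd ON pd.products_id = p.products_id'
         . ' WHERE ' . implode(' AND ', $clauses)
         . ' LIMIT ' . $limit;   // $limit is a PHP int, never user text
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs (not captured traffic) showing what the trap flags.
$samples = [
    'blue widget'               => false,
    "men's shirt"               => true,   // false positive: a real apostrophe
    "' OR '1'='1"               => true,
    '<script>alert(1)</script>' => true,
];
foreach ($samples as $input => $expected) {
    assert(search_keywords_are_suspicious($input) === $expected);
}

// Wiring it into a request handler (DSN and credentials are placeholders):
// $pdo = new PDO('mysql:host=localhost;dbname=SHOP_DB', 'USER', 'PASSWORD',
//                [PDO::ATTR_EMULATE_PREPARES => false]);
// if (search_keywords_are_suspicious($_GET['keywords'] ?? '')) {
//     // log the attempt and show ERROR_INVALID_CHARACTERS, as the thread's snippet does
// } else {
//     $rows = search_products($pdo, $_GET['keywords']);
// }
```

Two things worth knowing before copying this pattern: the allow-list rejects "men's shirt" just as the original trap would (mysql_real_escape_string() changes the apostrophe), so it is better used as a logged detection signal than as the only barrier; and the prepared statement, not the trap, is what actually prevents injection, which is why the example keeps both.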
mrjd1410
Posted May 10, 2008

Quote from spooks:

    There appears to me to be a vulnerability in the search form in OSC2.2 rc1 where it could be used by a malicious attacker to inject sql or code. Can anyone confirm if this is true, or I'm just being paranoid.

    Just in case I have added a trap in advanced_search_result.php

    Just before:

        if ($error == true) {

    Add:

        // trap sql / code injection attempt
        if ((mysql_real_escape_string($keywords) <> $keywords) || (strip_tags($keywords) <> $keywords)) {
          $error = true;
          $messageStack->add_session('search', '', 'none');
          $messageStack->add_session('search', ERROR_INVALID_CHARACTERS);
        }

    Cheers :blink:

Hi spooks

I am going to try your code. I have been having a lot of problems with this eval injection; it is also going for definemainpage.php.... Will let you know what happens. The hackers should be back shortly as they seem to have targeted me.
geoffreywalton
Posted May 10, 2008

Found this patch to go in application top but can't find the link as there might be more

    // FWR Media Security
    // If you want to turn security off just comment (//require_once) the line below
    require_once('includes/functions/security.php');
    if ( function_exists('tep_clean_get__recursive') ) {
      // Recursively clean $HTTP_GET_VARS and $_GET
      // There is no legitimate reason for these to contain anything but ..
      // A-Z a-z 0-9 -(hyphen).(dot)_(underscore) {} space
      $HTTP_GET_VARS = tep_clean_get__recursive($HTTP_GET_VARS);
      $_GET = tep_clean_get__recursive($_GET);
      $_REQUEST = $_GET + $_POST; // $_REQUEST now holds the cleaned $_GET and std $_POST. $_COOKIE has been removed.
    }
mrjd1410
Posted May 10, 2008

Quote from geoffreywalton:

    Found this patch to go in application top but can't find the link as there might be more

        // FWR Media Security
        // If you want to turn security off just comment (//require_once) the line below
        require_once('includes/functions/security.php');
        if ( function_exists('tep_clean_get__recursive') ) {
          // Recursively clean $HTTP_GET_VARS and $_GET
          // There is no legitimate reason for these to contain anything but ..
          // A-Z a-z 0-9 -(hyphen).(dot)_(underscore) {} space
          $HTTP_GET_VARS = tep_clean_get__recursive($HTTP_GET_VARS);
          $_GET = tep_clean_get__recursive($_GET);
          $_REQUEST = $_GET + $_POST; // $_REQUEST now holds the cleaned $_GET and std $_POST. $_COOKIE has been removed.
        }

Hi

I am just being hacked again, 12 hours later than my last post. Is nobody with the knowledge there in OSC to take a look and try to prevent what is happening? It is obviously a hole in OSC. They can not get in to my computer :rolleyes: I think, at least it will be very difficult. Does not matter, I put in a new windows like my underpants, just like to stop the BASTARDS!!!! the bugs don't like people like that. Sorry for the strong language but I am convinced this is a hole in OSC. I have ten sites running, naturally it is probably through one of the add ons / lite box maybe / live chat.
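The thread quotes only the call site of the FWR Media cleaner, not includes/functions/security.php itself. The following is an added example, not the FWR Media code and not part of osCommerce, of what a recursive $_GET cleaner with the policy described in that comment (A-Z, a-z, 0-9, hyphen, dot, underscore, braces, space) looks like, with one addition a defender wants: a record of every value that was altered, so the cleaning can be logged and reviewed rather than silently hiding attempts. The function name and the sample request are assumptions.

```php
<?php
// Added example, not the FWR Media security.php (the thread does not reproduce
// it) and not osCommerce code. Function name and sample data are assumptions.

const GET_DISALLOWED = '/[^A-Za-z0-9_.{} -]/';

/**
 * Return a copy of $input in which every key and scalar value has been
 * reduced to the allow-list above, descending into nested arrays
 * (PHP builds these from names like filter[sort]=...). Each altered value is
 * appended to $dropped with its key and original bytes for logging.
 */
function clean_get_recursive(array $input, array &$dropped = []): array
{
    $clean = [];
    foreach ($input as $key => $value) {
        // Keys are attacker-controlled too, so apply the same policy to them.
        $cleanKey = preg_replace(GET_DISALLOWED, '', (string) $key);
        if (is_array($value)) {
            $clean[$cleanKey] = clean_get_recursive($value, $dropped);
            continue;
        }
        $cleanValue = preg_replace(GET_DISALLOWED, '', (string) $value);
        if ($cleanValue !== (string) $value) {
            // Keep the original only for the log, never for further use.
            $dropped[] = ['key' => (string) $key, 'original' => (string) $value];
        }
        $clean[$cleanKey] = $cleanValue;
    }
    return $clean;
}

// Constructed sample request (not captured traffic).
$sampleGet = [
    'keywords' => 'blue widget',
    'cPath'    => '22_28',
    'page'     => "2' OR 1=1",
    'filter'   => ['sort' => '3a', 'x' => '<b>bold</b>'],
];
$dropped = [];
$cleaned = clean_get_recursive($sampleGet, $dropped);

assert($cleaned['keywords'] === 'blue widget');      // untouched
assert($cleaned['cPath'] === '22_28');               // untouched
assert($cleaned['page'] === '2 OR 11');              // quote and '=' removed
assert($cleaned['filter']['x'] === 'bboldb');        // angle brackets and '/' removed
assert(count($dropped) === 2);

// Logging with hex-encoded originals keeps the log line itself free of the
// characters that were just stripped.
foreach ($dropped as $d) {
    error_log('cleaned GET parameter ' . $d['key'] . ': ' . bin2hex($d['original']));
}

// In application_top.php this would replace the superglobals, as the quoted
// call site does:
// $_GET = clean_get_recursive($_GET, $dropped);
// $_REQUEST = $_GET + $_POST;
```

Note what the assertions show: stripping rather than rejecting changes the meaning of a value ("2' OR 1=1" becomes "2 OR 11"), so downstream code still has to validate the result (an integer page number, a cPath matching ^[0-9_]+$). The policy also destroys legitimate values that need characters outside the list, such as an e-mail address in a query string, and it does nothing for $_POST or $_COOKIE, which the quoted comment itself points out.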
This topic is now archived and is closed to further replies.