Search form, sql / code injection vulnerability


spooks


There appears to me to be a vulnerability in the search form in OSC2.2 rc1 where it could be used by a malicious attacker to inject sql or code.

Can anyone confirm if this is true, or I'm just being paranoid.

Just in case I have added a trap in advanced_search_result.php

Just before:

    if ($error == true) {

Add:

    // trap sql / code injection attempt
    if ((mysql_real_escape_string($keywords) <> $keywords) || (strip_tags($keywords) <> $keywords)){
      $error = true;
      $messageStack->add_session('search', '', 'none');
      $messageStack->add_session('search', ERROR_INVALID_CHARACTERS);
    }

Cheers :blink:

Sam

 


Hi spooks, I am going to try your code. I have been having a lot of problems with this eval injection; it is also going for definemainpage.php.... Will let you know what happens. The hackers should be back shortly as they seem to have targeted me.


Found this patch to go in application top but can't find the link as there might be more

    // FWR Media Security
    // If you want to turn security off just comment (//require_once) the line below
    require_once('includes/functions/security.php');
    if ( function_exists('tep_clean_get__recursive') ) {
      // Recursively clean $HTTP_GET_VARS and $_GET
      // There is no legitimate reason for these to contain anything but ..
      // A-Z a-z 0-9 -(hyphen).(dot)_(underscore) {} space
      $HTTP_GET_VARS = tep_clean_get__recursive($HTTP_GET_VARS);
      $_GET = tep_clean_get__recursive($_GET);
      $_REQUEST = $_GET + $_POST; // $_REQUEST now holds the cleaned $_GET and std $_POST. $_COOKIE has been removed.
    }

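The allowlist described in the comments of the snippet above, sketched as an added example. It is not the FWR Media code and not part of the thread; the function name `clean_get_allowlist` and the sample values are made up for illustration.

```php
<?php
// Added illustration: NOT the code in includes/functions/security.php.
// clean_get_allowlist() is a hypothetical name; the character set comes from
// the comment in the snippet above: A-Z a-z 0-9 - . _ { } space.

function clean_get_allowlist($value)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            // Assumption of this sketch: array keys also come from the query
            // string, so they are filtered with the same allowlist.
            $clean[clean_get_allowlist((string) $key)] = clean_get_allowlist($item);
        }
        return $clean;
    }
    // Drop every byte outside the allowlist.
    return preg_replace('/[^A-Za-z0-9\-._{} ]/', '', (string) $value);
}

// Constructed sample query-string data, not taken from any real request.
$sample = array(
    'keywords' => "shirt' OR '1'='1",
    'cPath'    => '3_10',
    'filter'   => array('name' => '<script>alert(1)</script>', 'sort' => '2a'),
    'osCsid'   => 'abc123{def}',
);

foreach (clean_get_allowlist($sample) as $key => $value) {
    echo $key, ' => ', json_encode($value), "\n";
}

// Legitimate searches are altered too: apostrophes and accented letters are
// removed, so a keyword such as "men's café" no longer matches as typed.
echo json_encode(clean_get_allowlist("men's café")), "\n";
```

As in the snippet above, only GET data passes through the filter; `$_POST` is merged into `$_REQUEST` unchanged, so any query built from posted values still has to be escaped or parameterized where it is built.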


Hi, I am just being hacked again, 12 hours later than my last post. Is nobody with the knowledge there in OSC to take a look and try to prevent what is happening? It is obviously a hole in OSC; they can not get in to my computer :rolleyes: I think, at least it will be very difficult. Does not matter, I put in a new windows like my underpants, just like to stop the BASTARDS!!!! The bugs don't like people like that. Sorry for the strong language but I am convinced this is a hole in OSC. I have ten sites running; naturally it is probably through one of the add ons /lite box maybe/live chat////


Archived

This topic is now archived and is closed to further replies.
