
osCommerce

The e-commerce.

McAfee login.php needs to be sanitized


pyramids


Anyone know a quick fix for this issue reported by McAfee? (I know it's minor, but I need to fix it anyway.)

 

In catalog/login.php, enter:

 

login.php?reason=>"></title></iframe></script></form></td></tr><br><iFraMe+src

 

McAfee claims it is "Web Application Cross Site Scripting"

 

Their fix is to sanitize the following:

Ensure that parameters and user input are sanitized by doing the following:

Remove < input and replace with <

Remove > input and replace with >

Remove ' input and replace with '

Remove " input and replace with "

Remove ) input and replace with )

Remove ( input and replace with (

 

Just not sure where to put it?
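
Where the encoding goes, as an added example (not osCommerce code and not part of the original post): the value is encoded at the point it is written into HTML, and a parameter that only selects a message can be checked against a fixed list first. It assumes the `reason` parameter is echoed into the page; the function names and message keys are hypothetical.

```php
<?php
// Added example, not osCommerce code. Assumes a request parameter ends up in HTML output.

/**
 * Encode the six characters named in the scanner's advice as HTML entities.
 * htmlspecialchars() with ENT_QUOTES handles < > ' " and &; the parentheses
 * are mapped afterwards so the '&' of their entities is not encoded again.
 */
function encode_for_html(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return strtr($encoded, ['(' => '&#40;', ')' => '&#41;']);
}

/**
 * Stricter option for a parameter that only selects a message:
 * accept known keys and ignore everything else.
 */
function pick_reason(array $query, array $allowed): ?string
{
    $reason = $query['reason'] ?? null;
    if (is_string($reason) && in_array($reason, $allowed, true)) {
        return $reason;
    }
    return null;
}

// Constructed input: the value from the scanner report as PHP sees it
// after URL decoding ('+' becomes a space).
$query = ['reason' => '>"></title></iframe></script></form></td></tr><br><iFraMe src'];

// Encoded at output time: the browser renders the text instead of parsing tags.
echo encode_for_html($query['reason']), PHP_EOL;

// Hypothetical message keys; the scanner's value is not one of them.
$allowed = ['session_expired', 'login_required'];
var_dump(pick_reason($query, $allowed));
var_dump(pick_reason(['reason' => 'login_required'], $allowed));
```

Encoding belongs at each place the value is printed, not where it is read, so the same input can still be compared or logged in its original form.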
