osCommerce

The e-commerce.

Malformed request able to reach database


qxonn

Hello,

I'm in the final stages of becoming PCI compliant and I have two SQL Injection errors that I can't seem to take care of. I have Security Pro installed and working, but my scan results are very confusing and I'm not sure what would fix this. The errors appear from URLs that are normally impossible to create during normal use. Can anyone out there help? I can provide more information. Here's a bit from the scan results:

Information From Target:

Regular expression "You have an error in your SQL syntax" matched contents of 1.

Query Parameters

* sort - 1a

* Qty_ProdId_15985 - 0

* Qty_ProdId_15984 - 0

* Qty_ProdId_15981 - 0

* Qty_ProdId_15977 - 0

* cPath - 1350_507_1203

* products_id - 10133

* action - add_slave\'SQL

* Qty_ProdId_15980 - 0

* Qty_ProdId_15983 - 0

* Qty_ProdId_15982 - 0

* Qty_ProdId_15978 - 0

* Qty_ProdId_15979 - 0

* page - 1

And the URL it gave me that creates the error: http://www.alchemyindustrial.com/product_info.php?sort=1a&action=add_slave\'SQL&cPath=1350_507_12

Thanks everyone. We are so close to being live it's starting to hurt!


Archived

This topic is now archived and is closed to further replies.
