qxonn
Posted February 15, 2011

Hello,

I'm in the final stages of becoming PCI compliant and I have two SQL Injection errors that I can't seem to take care of. I have Security Pro installed and working, but my scan results are very confusing and I'm not sure what would fix this. The errors appear from URLs that are normally impossible to create during normal use. Can anyone out there help? I can provide more information.

Here's a bit from the scan results:

Information From Target:
Regular expression "You have an error in your SQL syntax" matched contents of 1. Query Parameters

* sort - 1a
* Qty_ProdId_15985 - 0
* Qty_ProdId_15984 - 0
* Qty_ProdId_15981 - 0
* Qty_ProdId_15977 - 0
* cPath - 1350_507_1203
* products_id - 10133
* action - add_slave\'SQL
* Qty_ProdId_15980 - 0
* Qty_ProdId_15983 - 0
* Qty_ProdId_15982 - 0
* Qty_ProdId_15978 - 0
* Qty_ProdId_15979 - 0
* page - 1

And the URL it gave me that creates the error:

http://www.alchemyindustrial.com/product_info.php?sort=1a&action=add_slave\'SQL&cPath=1350_507_12

Thanks everyone. We are so close to being live it's starting to hurt!