mightyx Posted December 29, 2016

Hi there,

I've discovered a security problem in my modded osC store (based on a RC2a). When someone extends the product_id in the product_info URI with SQL commands, it seems that the code is executed. At least it returns a 1064 error on my store. Does anyone have an idea how to fix this?
bonbec Posted December 29, 2016

Add a (int) before $_GET['products_id'] in the query:

$product_check_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_status = '1' and isnull(products_date_available) and p.products_id = '" . (int)$_GET['products_id'] . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "'");

with OsC 2.2 since 2006 ...
MrPhil Posted December 29, 2016

Wherever an application has either user input or GET data being used for display or database operations, it must first be sanitized to rid it of any malicious content (e.g., Javascript embedded into displayed HTML content, or SQL embedded into a product ID). osC has been improving in this regard, although it's likely some vulnerabilities have escaped notice so far.

osC 2.2 RC2a is horribly obsolete and vulnerable to hacks -- you might want to take a look at osC 2.3.4 BS Edge (the current latest release, although you have to get it from GitHub). If your 2.2 release has been "highly" modified, you're on your own -- you've forked your own version. Don't expect the community here to be able to help you out, since no one in their right mind runs something that old and still expects support from here. Do take the time to install and try out "Edge", and see what modifications you'll need to make. It may be far less painful than trying to keep your old system running. At the least, you can see if it still has this vulnerability present. If most of your changes have been cosmetic, it may be very easy to convert (and your existing data can be saved).
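The two replies above both come down to the same point: products_id must be a number before it goes anywhere near the query. The following is an added example, not code from osCommerce or from either poster, showing why the (int) cast works, where it is looser than a strict check, and how the same product lookup looks with a bound parameter. The function names tep_safe_products_id and product_is_available, the $db connection and the sample inputs are assumptions made for the example; the table names stand in for the TABLE_PRODUCTS and TABLE_PRODUCTS_DESCRIPTION constants in the reply.

```php
<?php
// Added example (not osCommerce code). Contrasts the (int) cast from the
// thread with a strict check, then runs the product query with a bound
// parameter instead of string concatenation.

// Strict validation: accept only a positive integer. Anything else returns
// null so the caller can answer "product not found" instead of querying
// with a silently coerced value (the (int) cast turns "31abc" into 31).
function tep_safe_products_id($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return ($id === false) ? null : $id;
}

// Constructed sample values for products_id, as a shop might receive them.
$samples = ['31', '31abc', '0', '-5', 'foo'];

foreach ($samples as $raw) {
    $cast   = (int)$raw;                 // the quick fix from the reply above
    $strict = tep_safe_products_id($raw);
    printf("%-8s cast=%d strict=%s\n", var_export($raw, true), $cast,
           $strict === null ? 'reject' : (string)$strict);
}

// Same check as the reply's query, with the two ids bound as integers.
// $db is assumed to be an open mysqli connection (an assumption; osC 2.2
// uses its own tep_db_* wrappers around the mysql extension).
function product_is_available(mysqli $db, int $products_id, int $languages_id): bool
{
    $sql = 'SELECT COUNT(*) AS total FROM products p, products_description pd '
         . 'WHERE p.products_status = 1 AND ISNULL(p.products_date_available) '
         . 'AND p.products_id = ? AND pd.products_id = p.products_id '
         . 'AND pd.language_id = ?';
    $stmt = $db->prepare($sql);
    $stmt->bind_param('ii', $products_id, $languages_id);
    $stmt->execute();
    $stmt->bind_result($total);
    $stmt->fetch();
    $stmt->close();
    return $total > 0;
}

// Usage (assumed $db and $languages_id): reject before querying.
// $id = tep_safe_products_id($_GET['products_id'] ?? '');
// if ($id === null || !product_is_available($db, $id, (int)$languages_id)) { /* 404 */ }
```

The strict check matters for detection as much as for safety: a rejected request can be logged as a malformed products_id, whereas the bare cast quietly serves product 31 for "31abc" and product 0 for any non-numeric value.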