vanzantz
Posted August 10, 2019

Reviewing a site I am working on and using sqlmap, I am getting a positive hit for $_GET['reviews_id'] in the product_reviews_info.php file. Examining the flagged file, it's using typecasting with (int) on the instances with the GET request and the parameter. This does not appear to be resolving the positive hit for the SQL injection.

Are there any tips on how to address this with this platform? mysql_real_escape(); ?

Researching for a fix, I see this vulnerability being reported:

https://www.exploit-db.com/exploits/46330
https://www.nmmapper.com/st/exploitdetails/46330/40818/oscommerce-2341-reviews_id-sql-injection/
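One way to handle the parameter described in the post above, as an added example that is not part of the original post and not osCommerce's own code: validate `reviews_id` once at the top of the script, overwrite the raw value so no later use can miss a cast, and bind it in a prepared statement. The helper names, the `reviews` table and column names, and the connection details are assumptions.

```php
<?php
// Added example; request_id() and fetch_review() are hypothetical helpers.

/** Return the parameter as a positive integer, or null if it is not plain digits. */
function request_id(array $source, string $name): ?int
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;                 // missing, or an array such as ?reviews_id[]=1
    }
    $raw = $source[$name];
    // ctype_digit() rejects '', '-1', ' 1', '1e3' and '1 OR 1=1';
    // the length limit keeps the value inside a 32-bit signed integer.
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look the review up with a bound parameter instead of string concatenation. */
function fetch_review(mysqli $db, int $reviewsId): ?array
{
    // Assumed table and column names.
    $stmt = $db->prepare(
        'SELECT reviews_id, products_id, reviews_rating FROM reviews WHERE reviews_id = ?'
    );
    $stmt->bind_param('i', $reviewsId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Validate once, before any query, link or include touches the value.
$reviewsId = request_id($_GET, 'reviews_id');
if ($reviewsId === null) {
    http_response_code(400);
    exit('Invalid request');
}
// Overwrite the raw input so code further down cannot pick up the original string.
$_GET['reviews_id'] = $reviewsId;

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'db_user', 'db_password', 'shop'); // placeholder credentials
$review = fetch_review($db, $reviewsId);
if ($review === null) {
    http_response_code(404);
    exit('Review not found');
}
```

Re-running the same scan against the patched file, and searching the rest of the code base for other reads of the same parameter, confirms whether any unvalidated use remains.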