vanzantz
Posted August 10, 2019

Reviewing a site I am working on, and using sqlmap, I am getting a positive hit for $_GET['reviews_id'] in the product_reviews_info.php file. Examining the flagged file, it's using typecasting with (int) on the instances with the GET request and the parameter. This does not appear to be resolving the positive hit for the SQL injection.

Are there any tips on how to address this with this platform? mysql_real_escape(); ?

Researching for a fix, I see this vulnerability being reported:

https://www.exploit-db.com/exploits/46330
https://www.nmmapper.com/st/exploitdetails/46330/40818/oscommerce-2341-reviews_id-sql-injection/

swguy
Posted August 11, 2019

Neither of those links work - please check and repost.

Contributions: Better Together and Quantity Discounts for osCommerce 2.3.x and Phoenix. See my profile for more details.

Dan Cole
Posted August 11, 2019

1 hour ago, swguy said:
> Neither of those links work - please check and repost.

You can copy and paste them into the address bar.

Dan

Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here.

swguy
Posted August 11, 2019

Weird. I could swear it didn't work yesterday when I tried that.

videod
Posted October 7, 2019

On 8/10/2019 at 10:54 AM, vanzantz said:
> Reviewing a site I am working on, and using sqlmap, I am getting a positive hit for $_GET['reviews_id'] in the product_reviews_info.php file. Examining the flagged file, it's using typecasting with (int) on the instances with the GET request and the parameter. This does not appear to be resolving the positive hit for the SQL injection.
>
> Are there any tips on how to address this with this platform? mysql_real_escape(); ?
>
> Researching for a fix, I see this vulnerability being reported:
>
> https://www.exploit-db.com/exploits/46330
> https://www.nmmapper.com/st/exploitdetails/46330/40818/oscommerce-2341-reviews_id-sql-injection/

Was there a fix for this issue?

videod
Posted October 7, 2019

I am guessing the security 2.3.4 and 2.3.4.1 BS issues are resolved by Phoenix?

ecartz
Posted October 8, 2019

On 8/10/2019 at 1:54 PM, vanzantz said:
> Are there any tips on how to address with this platform? mysql_real_escape(); ?

mysql_real_escape is deprecated. Casting to int is superior, but the recommended way would be to change to parameterized queries via something like PDO.

Phoenix deprecated product reviews, so it wouldn't have this particular issue.

Always back up before making changes.

inrifoundation
Posted October 19, 2019

Hello everyone, I am trying to find a ROOT PASSWORD to try and get my OSCOMMERCE download to work through the MySQL program I have on my computer, and it asks for a root password and I just don't know what it could be...

ArtcoInc
Posted October 20, 2019

@inrifoundation installation is the same regardless of whether you install it on your local server, or your host's server ...

Malcolm

PS: Hijacking a thread (changing the subject within the thread) is poor form. Please start a new thread with your question.

PPS: Since you are doing a clean install, please be sure to use the Community Edition 'Phoenix' version of osC (link in my signature), and not the 'official' release. The 'official' release is very much out of date.

BrockleyJohn
Posted October 20, 2019

@vanzantz those two exploit reports are from the same bloke and they are not verified. I think they are wrong, he doesn't understand what a boolean-based sql injection attack is or for that matter how to test for a sql injection vulnerability of any kind.

FWIW I am confident your tool is reporting a false positive and the code is perfectly safe. I can find no report anywhere that integer casting is not proof against injection. You always end up with an integer, so you can never get anything but found or not found for a match to the review_id and you can't add anything to the sql statement.

Of course it's possible he's just a better hacker than I am a coder 😉

Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released. Looking for a payment or shipping module? Maybe I've already done it. Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

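The two defences discussed in the replies above (integer casting, and parameterized queries via PDO), side by side as an added example that is not part of the original thread and is not osCommerce's own code. It assumes PHP 8 with the pdo_sqlite driver; the `reviews` table, its rows, the sample request values and the helper names `parseReviewId` and `findReview` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example. The `reviews` table, its rows and the helper names are
// constructed for illustration; this is not osCommerce's code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reviews (reviews_id INTEGER PRIMARY KEY, reviews_text TEXT)');
$pdo->exec("INSERT INTO reviews VALUES (1, 'Great product'), (2, 'Arrived late')");

/** Strict validation: accept only a positive decimal integer, else null. */
function parseReviewId(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // e.g. reviews_id[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Parameterized lookup: the id travels as a bound integer, never as SQL text. */
function findReview(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT reviews_text FROM reviews WHERE reviews_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $text = $stmt->fetchColumn();
    return $text === false ? null : (string) $text;
}

// Constructed request values, standing in for $_GET['reviews_id'].
$samples = ['1', '2', '1 AND 1=1', "1' OR '1'='1", '', '99', ['1']];

foreach ($samples as $raw) {
    $cast  = (int) $raw;           // coerces: leading digits kept, the rest dropped
    $valid = parseReviewId($raw);  // rejects anything that is not a plain integer
    printf(
        "%-16s cast=%d strict=%s result=%s\n",
        json_encode($raw),
        $cast,
        $valid === null ? 'rejected' : (string) $valid,
        $valid === null ? '-' : (findReview($pdo, $valid) ?? 'not found')
    );
}
```

Both approaches keep the request value out of the SQL text. The difference is that the cast coerces malformed input to some integer (here `1`, `0`, or `1` for the array), while strict validation rejects it before any query runs.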
Archived
This topic is now archived and is closed to further replies.