rule
Posted January 14, 2021

1. We got alerted to a potential XSS vulnerability in the following scenario.

/advanced_search_result.php?keywords=[removed]alert('SAINT')[removed]

Solution: cross-site scripting can be fixed by modifying the application's code on the server to HTML-encode user-supplied characters which have special meaning when rendered in a browser. That is, change < to &lt;, > to &gt;, & to &amp;, and " to &quot;. Some web application programming languages contain functions for this purpose, such as htmlspecialchars() in PHP.

Doesn't osC already use htmlspecialchars?

2. On another note, there is also an integer-based SQL injection vulnerability in the products_id parameter when the following is used.

/product-name-p-4413.html?action=add_product

We do use Ultimate SEO to rewrite the stock URLs, but would that be true of default settings as well?

Solution: all user-supplied parameters should be checked for illegal characters, such as a single quote ('), before being used in an SQL query.

Any insight on addressing the two above issues would be greatly appreciated. These could well be false positives.
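The two scanner findings in the post, shown as an added PHP example that is not osCommerce's own code: a reflected search parameter echoed raw versus encoded with htmlspecialchars(), and a products_id value taken from the URL first validated as an integer and then bound as a typed parameter. The function names, the products_description table layout and the in-memory SQLite database used for the demonstration are assumptions for illustration; the inputs are the kind of payloads a scanner would send, constructed here.

```php
<?php
// Added example, not osCommerce code. Table names, function names and the
// SQLite database are assumptions chosen so the file runs stand-alone (php file.php).
declare(strict_types=1);

// ---- 1. Reflected XSS in a search parameter ----

// Unsafe: echoing the raw parameter lets a <script> tag or event handler run.
function render_search_unsafe(string $keywords): string
{
    return 'Results for: ' . $keywords;
}

// Hardened: encode <, >, &, " and, thanks to ENT_QUOTES, the single quote too.
// The explicit charset prevents invalid byte sequences from being mis-decoded.
function render_search_safe(string $keywords): string
{
    return 'Results for: ' . htmlspecialchars($keywords, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// ---- 2. "Integer" products_id used in SQL ----

// Unsafe: a value that is supposed to be an integer is still just a string here,
// so "4413 OR 1=1" changes the WHERE clause without needing a single quote.
function product_query_unsafe(string $productsId): string
{
    return 'SELECT products_name FROM products_description WHERE products_id = ' . $productsId;
}

// Validate before use: filter_var rejects "4413 OR 1=1" and "4413'", whereas a
// plain (int) cast would silently turn "4413abc" into 4413 and hide the tampering.
function normalise_products_id(string $productsId): ?int
{
    $v = filter_var($productsId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Bind the validated value so the database driver never treats it as SQL text.
function product_query_bound(PDO $db, int $productsId): ?string
{
    $stmt = $db->prepare('SELECT products_name FROM products_description WHERE products_id = :id');
    $stmt->bindValue(':id', $productsId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetchColumn();
    return $row === false ? null : $row;
}

// ---- Demonstration with constructed inputs ----

$xss = "<script>alert('SAINT')</script>";
echo render_search_unsafe($xss), PHP_EOL; // script tag reaches the browser intact
echo render_search_safe($xss), PHP_EOL;   // &lt;script&gt;alert(&#039;SAINT&#039;)&lt;/script&gt;

foreach (['4413', '4413 OR 1=1', "4413'"] as $id) {
    echo product_query_unsafe($id), PHP_EOL;  // second and third lines are no longer the intended query
    var_dump(normalise_products_id($id));     // int(4413), NULL, NULL
}

// Assumed schema in an in-memory SQLite database, so the bound query can be run offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE products_description (products_id INTEGER, products_name TEXT)');
$db->exec("INSERT INTO products_description VALUES (4413, 'Sample product')");

$id = normalise_products_id('4413');
var_dump($id === null ? null : product_query_bound($db, $id)); // string(14) "Sample product"
```

The check a practitioner wants on the first finding is whether the page's output path actually passes the keywords value through htmlspecialchars() with ENT_QUOTES, since the scanner's payload uses single quotes; on the second, the point is that an integer parameter is only safe once it has been validated or bound as an integer, and a URL rewrite layer does not change what reaches the query.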