
designcraft

Members
  • Content count

    81
Profile Information

  • Real Name
    Lindsay
  • Gender
    Female
  1. This is where I posted last time. You can see me on page 8. I use Security Pro for protection on my website and you have helped me in the past. I will post this somewhere else. Thank you for your time. lindsay
  2. Hello, Once again my site is failing. Security Metrics always sends me possible Blind SQL injections. Could you look at this again and let me know what may be happening? I haven't made any upgrades or added any new contributions to the store since the last time I was on this forum. Thank you!

     Possible blind sql injection on http://domain.com/shop/advanced_search_result.php?action=buy_now&keywords=dog+mom+long+sleeve&sort=2a

     wp --bsql "http://domain.com/shop/advanced_search_result.php?action=buy_now&keywords=dog+mom+long+sleeve&sort=2a"
     "http://domain.com/shop/advanced_search_result.php?action=buy_now+and+1%3D1&keywords=dog+mom+long+sleeve&sort=2a"
     TCP http/https 4
     "http://domain.com/shop/advanced_search_result.php?action=buy_now+and+1%3D0&keywords=dog+mom+long+sleeve&sort=2a"

     cat <<EOF > bsql.sh
     curl -L "http://domain.com/shop/advanced_search_result.php?action=buy_now+and+1%3D1&keywords=dog+mom+long+sleeve&sort=2a"> a
     curl -L "http://domain.com/shop/advanced_search_result.php?action=buy_now+and+1%3D0&keywords=dog+mom+long+sleeve&sort=2a"> b
     diff a b
     EOF
     sh bsql.sh

     This website may have other injection related vulnerabilities.
  3. designcraft

    [Contribution] Discount Coupon Codes

    Hello, I have used this contribution on another site that I have but before I put it on another site, is this PHP 5.3 compatible? Thank you!
  4. Oh I see. :) Well thank you so much for your quick responses to everything. If there is anything that I could help you out with I would be more than happy to. Have a great weekend. :)
  5. So I wouldn't be able to see it, only the security scanners? If there is an error, then some code needs adjusting? I know it's not that easy but I just want to understand this a bit more. Thanks again!
  6. How will I know if it is bad? Will I be redirected somewhere else? Thanks again!
  7. Your fast response and help is well appreciated. May I ask you what you did to check this? Thanks again. :)
  8. Do you need the actual store's domain name or does this most likely mean a false positive again? Thanks again!
  9. This is the string

     :~$ curl -L -k "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b+and+1%3D1"> a
     :~$ curl -L -k "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b+and+1%3D0"> b
     :~$ diff a b
  10. Thank you very much! I really appreciate it! :)
  11. They sent this. What does this mean?

     :~$ curl -L -k "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b+and+1%3D1"> a
       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                      Dload  Upload   Total   Spent    Left  Speed
     100 22118    0 22118    0     0  30199      0 --:--:-- --:--:-- --:--:-- 30199
     :~$ curl -L -k "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b+and+1%3D0"> b
       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                      Dload  Upload   Total   Spent    Left  Speed
     100 22118    0 22118    0     0  32090      0 --:--:-- --:--:-- --:--:-- 32090
     :~$ diff a b
     106c106
  12. I haven't heard back from SM yet so this is all I know.

     Possible blind sql injection on https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b

     wp --bsql "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b"
     "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b+and+1%3D1"
     "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b+and+1%3D0"

     cat <<EOF > bsql.sh
     curl -L -k "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b+and+1%3D1"> a
     curl -L -k "https://domain.com/shop/checkout_shipping.php?osCsid=78aee66e909a6dacdeb923ec74de4e5b+and+1%3D0"> b
     diff a b
     EOF
     sh bsql.sh

     This website may have other injection related vulnerabilities.
  13. Hello, I have had Security Pro installed on my site for well over a year now and recently I received a failing scan due to possible SQL injections. Do I need to have them make it a false positive again? This seems to happen a lot. I use Security Metrics. Thank you for your help!
  14. designcraft

    Multiple-Shipping-Addresses 2

    I think that this would be a great contribution too. If an updated version comes out I would like to know. Thanks!
  15. designcraft

    unable to complete checkout process

    I have had this store running for a long time and I never had problems with the zones before. What should I be looking for?