  1. Reviewing a site I am working on and using sqlmap, I am getting a positive hit for $_GET['reviews_id'] in the product_reviews_info.php file. Examining the flagged file, it's using typecasting with (int) on the instances with the GET request and the parameter. This does not appear to be resolving the positive hit for the SQL injection. Are there any tips on how to address this with this platform? mysql_real_escape(); ? Researching for a fix, I see this vulnerability being reported: https://www.exploit-db.com/exploits/46330 https://www.nmmapper.com/st/exploitdetails/46330/40818/oscommerce-2341-reviews_id-sql-injection/
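
An added example, not part of the original post and not osCommerce code: a small audit helper that lists every read of the `reviews_id` request parameter in a PHP source that is not directly wrapped in `(int)` or `intval()`, which is the first thing to rule out when a scanner still flags a parameter that is cast in some places. The sample PHP, its table and column names, and the function name `uncast_reads` are constructed for illustration; the check is a line-based heuristic and does not follow a value that was cast once into a variable and reused.

```python
import re

# Request arrays that can carry the parameter ($HTTP_GET_VARS is PHP's legacy long array).
SOURCES = r"\$(?:_GET|_REQUEST|HTTP_GET_VARS)"
# Integer coercions that count only when they sit directly in front of the read.
CAST = re.compile(r"(?:\(\s*int(?:eger)?\s*\)\s*|\bintval\s*\(\s*)$", re.I)
# isset()/empty() only test for presence; they never place the value in a query.
PRESENCE = re.compile(r"\b(?:isset|empty)\s*\(\s*$", re.I)

# Constructed sample, not the osCommerce file; table and column names are made up.
SAMPLE = r'''<?php
if (!isset($_GET['reviews_id'])) { exit; }
$id = (int)$_GET['reviews_id'];
$a = "select * from t_reviews where reviews_id = '" . (int)$_GET['reviews_id'] . "'";
$b = "update t_reviews set views = views + 1 where reviews_id = '" . $_GET['reviews_id'] . "'";
$c = "select count(*) from t_reviews where reviews_id = " . intval($_REQUEST['reviews_id']);
'''


def uncast_reads(php_source, param="reviews_id"):
    """Return (line_no, line) for every read of `param` that is not directly int-cast."""
    read = re.compile(SOURCES + r"\s*\[\s*['\"]" + re.escape(param) + r"['\"]\s*\]")
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        for match in read.finditer(line):
            before = line[:match.start()]
            if PRESENCE.search(before) or CAST.search(before):
                continue
            findings.append((line_no, line.strip()))
            break  # one report per line is enough
    return findings


if __name__ == "__main__":
    for line_no, line in uncast_reads(SAMPLE):
        print(f"line {line_no}: uncast read -> {line}")
```

Run it against product_reviews_info.php and every file it includes; any line it reports is a place where the raw request value still reaches a query string.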