piciui

Members
  • Content count

    6
1 Follower

Profile Information

  • Real Name
    piciui

  1. piciui

    SQL injection?

    Thank you @JcMagpie, it works this way:
  2. piciui

    SQL injection?

    I think it's because the source has [ ]: src="includes/fckeditor/editor/fckeditor.html?InstanceName=products_description[6]&Toolbar=osCPRO"
  3. piciui

    SQL injection?

    Yes, it works. This one causes an error in FCK editor (file attached). Do you know how to fix it?
  4. piciui

    SQL injection?

    Yes, I think it's SQL injection. Just update htaccess and add:

        RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
        RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
        RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
        RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
        RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
        RewriteRule ^(.*)$ index_error.php [F,L]
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
        RewriteRule .* - [F]

    but I think htaccess works only for the standard site and not for the mobile version, right?
  5. piciui

    SQL injection?

    Hi, is it a SQL injection?

    /mobile_product_info.php?cPath=500&products_id=78295'+and(%2f*%2fsElEcT+1+%2f%2ffRoM(%2f%2fsElEcT+count(),%2f*%2fcOnCaT((%2f%2fsElEcT(%2f%2fsElEcT+%2f%2fcOnCaT(0x217e21,%2f%2fvErSiOn(),0x217e21))+%2f%2ffRoM+information_schema.%2f%2ftAbLeS+%2f%2flImIt+0,1),floor(rand(0)*2))x+%2f%2ffRoM+information_schema.%2f%2ftAbLeS+%2f%2fgRoUp%2f*%2fbY+x)a)+and+'1'='1 HTTP/1.0" 200 2659
  6. piciui

    RMA Returns error for 2.2 MS2

    Hi, I have a problem with this contribution.

    Fatal error: Cannot redeclare tep_db_connect() (previously declared in ***/catalog/includes/functions/database.php:13) in /***/catalog/includes/functions/database.php on line 13

    function tep_db_connect($server = DB_SERVER, $username = DB_SERVER_USERNAME, $password = DB_SERVER_PASSWORD, $database = DB_DATABASE, $link = 'db_link') { global $$link;

    Can anyone help me? Thanks, PiCiui