Jump to content

Search the Community

Showing results for tags 'xss'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • News and Announcements
    • News and Announcements
  • osCommerce v4.x
    • General Support
    • Migration from old osCommerce
    • Design and Templates
    • Apps / Add-ons
    • Translations
    • API and import/export
    • Marketplace integration
    • Manuals and How-to
  • osCommerce Online Merchant v2.x
    • General Support
    • osCommerce Online Merchant Community Bootstrap Edition
    • Add-Ons
  • Development
  • General
    • General Discussions
    • Live Shop Reviews
    • Security
    • Developer Feedback
  • PayPal's Announcements
  • Sage Pay's Announcements
  • Solomono - new level osCommerce templates's Announcements
  • German Community's OSCOM v2.x
  • German Community's Allgemein

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Real Name


Location


Interests


Website

Found 1 result

  1. chluo

    Potencial XSS vulnerability

    I am using osCommerce2 and find one potential XSS vulnerability in its version 2.3.4.1: osCommerce implements function tep_db_query() to execute SQL statement. In case of MySQL error, the function tep_db_query() would call tep_db_error() to handle the mysql errors: $result = mysqli_query($$link, $query) or tep_db_error($query, mysqli_errno($$link), mysqli_error($$link)); The tep_db_error() function basically calls die() function to display the error back to users: die('<font color="#000000"><strong>' . $errno . ' - ' . $error . '<br /><br />' . $query . ' ...); The $query variable is sent by users and is well sanitized against SQL injection. However, it will also be used in the die() function (a sensitive XSS function like echo()) when Mysql returns errors. In multiple files (e.g., "/admin/modules.php") , the $query variable is not sanitized (against XSS) and can be exploited because of the die() function. I suggest adding XSS sanitizers in the tep_db_error() function to avoid this kind of attack.
×