Jump to content
vanzantz

osCommerce 2.3.4.1 - 'reviews_id' SQL Vulnerabilities

Recommended Posts

Reviewing a site I am working and using sql map I am getting a postiive hit for $_GET['reviews_id'] in the product_reviews_info.php file.

Examining the flagged file it's using typecasting with (int) on the instances with the get request and the parameter.

This does not appear to be resolving the positive hit for the sql injection.

Are there any tips on how to address with this platform? mysql_real_escape(); ?

Researching for a fix I see this vulnerability being reported:

https://www.exploit-db.com/exploits/46330

https://www.nmmapper.com/st/exploitdetails/46330/40818/oscommerce-2341-reviews_id-sql-injection/

 

 

Share this post


Link to post
Share on other sites

Neither of those links work - please check and repost. 


Contributions: Better Together and Quantity Discounts for osCommerce 2.3.x and Phoenix. See my profile for more details.

Share this post


Link to post
Share on other sites
1 hour ago, swguy said:

Neither of those links work - please check and repost. 

You can copy and paste them into the address bar.

Dan

Share this post


Link to post
Share on other sites

Weird.  I could swear it didn't work yesterday when I tried that.  


Contributions: Better Together and Quantity Discounts for osCommerce 2.3.x and Phoenix. See my profile for more details.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×