
Technical Support Forums


SQL Injection

Thread began 8/18/2010 12:44 pm by lorgain396837 | Last modified 9/15/2010 10:02 am by lorgain396837 | 2873 views | 22 replies



We are still having problems. Here is the response they gave us about false positives.

McAfee has reviewed your request to resolve an open vulnerability issue, and determined that your explanation is not sufficiently descriptive to assure us that the issue was resolved properly. Due to insufficient information we are unable to approve your request to mark this issue resolved at this time.

Please log in and resolve the item again, by re-entering the details of actions you have taken to resolve this vulnerability. Please ensure your explanation is descriptive enough to illustrate that the issue was properly addressed.

Vulnerability: Web Application Cross Site Scripting

This is a valid vulnerability finding. After the redirection occurs the code is presented back to the user on the redirected page. See the RAW Request and Snippet of vulnerability code from the RAW Response below:

GET /Products_Search.php?ProductCategoryID%5B%5D=74& HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20100824 Firefox/3.5.12 (.NET CLR 2.0.50727)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: formBuilder.jsp
Cookie: PHPSESSID=9da759b67e1bc47605cefc4473813a38

Snippet from RAW Response:

<label for="S_ProductName">Keyword:</label>
<input type="text" name="S_ProductName" id="S_ProductName2" value=">\"></title></iframe></script></form></td></tr><iFraMe src= width=900 height=1100></IfRamE>" size="32" />
<label for="S_ProductPrice">Price Range:</label>

<span id="sprytextfield1">
<input type="text" name="S_ProductPrice" id="S_ProductPrice" value="%3E\\\%22%3E%3C/title%3E%3C/iframe%3E%3C/script%3E%3C/form%3E%3C/td%3E%3C/tr%3E%3Cbr%3E%3CiFraMe src= width=900 height=1100%3E%3C/IfRamE%3E" size="10" onblur="if (document.getElementById('priceRangeServerValidation')) document.getElementById('priceRangeServerValidation').style.display='none';" style="width: 114px;" />
Thank You,
McAfee SECURE Customer Support
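The raw response above shows why the scanner does not accept the fix as a false positive: the search field's value is written back into a quoted HTML attribute, and the only transformation applied is a backslash before the quote (the `value=">\"></title>...` pattern), which HTML does not treat as an escape. The following is an added example, not code from WebAssist or from the original poster; it assumes a PHP search page like the Products_Search.php in the scanner's request that echoes the S_ProductName parameter, and the function names are hypothetical. It places the vulnerable rendering beside an attribute-encoded one and includes the kind of regression check that lets a developer demonstrate to a scanner vendor that the reflected value can no longer introduce markup.

```php
<?php
// Added example, not code from WebAssist or from the original poster.
// Assumed context: a PHP search page (such as the Products_Search.php in the
// scanner's request) that echoes the S_ProductName query parameter back into
// the value attribute of a form field. Function names are hypothetical.
declare(strict_types=1);

// Vulnerable pattern. Backslash-escaping the quote (magic_quotes_gpc or
// addslashes) is what produces the  value=">\"></title>...  seen in the raw
// response. It does not stop the attack: backslash is not an escape character
// in HTML, so the browser closes the attribute at the quote and parses the
// remainder of the value as markup.
function renderVulnerable(string $value): string
{
    return '<input type="text" name="S_ProductName" value="'
        . addslashes($value) . '" size="32" />';
}

// Hardened pattern: encode for the HTML attribute context.
// ENT_QUOTES encodes both " and ' ; the explicit charset avoids
// encoding-dependent bypasses.
function attr($value): string
{
    // The scanner's request also uses an array parameter (ProductCategoryID[]).
    // htmlspecialchars() cannot take an array, so never echo non-scalars.
    if (!is_scalar($value)) {
        return '';
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderHardened($value): string
{
    return '<input type="text" name="S_ProductName" value="'
        . attr($value) . '" size="32" />';
}

// Regression check a developer can keep in a test: user input must not add a
// tag. The hardened markup contains exactly one '<' (the <input> itself).
function leaksMarkup(string $html): bool
{
    return substr_count($html, '<') > 1;
}

// Constructed probe with the same shape as the scanner's payload.
function selfCheck(): bool
{
    $probe = '">"></title></iframe></script></form></td></tr>'
        . '<iframe src= width=900 height=1100></iframe>';
    return leaksMarkup(renderVulnerable($probe)) === true
        && leaksMarkup(renderHardened($probe)) === false
        && renderHardened(['74']) === renderHardened('');
}

echo selfCheck() ? "hardened rendering passes\n" : "CHECK FAILED\n";
echo renderHardened($_GET['S_ProductName'] ?? ''), "\n";
```

Run it from the command line with `php example.php`, or under a web server with `?S_ProductName=` set to the probe string, and confirm the emitted attribute contains `&lt;` and `&quot;` rather than raw `<` and `"`. The same encoding must be applied to every field that is echoed, including S_ProductPrice from the response snippet, and for values placed inside JavaScript or URLs the attribute encoder shown here is not sufficient on its own.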
