SQL Injection

After running McAfee secure scan on my Powerstore I found a few security issues I need help fixing. The largest seems to be SQL injection. I read in other post on the forum that this shouldn't be an issue with PS. Any advice is much appreciated.

What version of power store?


If it is PowerStore 3, go to your download center for power and look in the known issues section for the "PowerStore 3: Support Fix - Scripting Vulnerability" download. this should fix the problem.

If you still have an issue, please post the results of the mcaffee scan, this will hep us to identify where the problem is.

Thanks, that fixed the SQL injection but now the scan is finding a cross site scripting error. I have to make this PCI compliant before handing it over to the client. I have not changed or added to any of the php. The only changes I have made to the site have all been on the CSS files. Help please.

can you post the scan report? this will help me determine what needs to be looked at.

Jason what format would you like me to paste it in? I have attached a screenshot of what it is telling me. Let me know if you need it in a different format or a different part of the scan.

hmmm, in the WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php file, change line 20:

return $retVal;

to:

return str_replace("<","&lt;",str_replace(">","&gt;",str_replace('"',"&quot;",$retVal)));

Thanks, I have a few more problems with cross site scripting. I attached a pdf with a copy of the vulnerabilities.

on the admin/index.php page

change:

<form id="form1" name="form1" method="post"  action="index.php?failed=1<?php echo(isset($_SERVER["QUERY_STRING"])?"&".($_SERVER["QUERY_STRING"]):""); ?>">

to:

<form id="form1" name="form1" method="post"  action="index.php?failed=1">

Thanks Jason, I have one more and then the site should be PCI Compliant. I have attached the PDF with the vulnerability.

the report is complaining about the products results page, but the price fields should not have an issue there, they are validated to be numeric.

the issue should only be on the search page.


on the products search page, find the following two lines of code:

<input type="text" name="S_ProductPrice" id="S_ProductPrice" value="<?php echo((isset($_GET["S_ProductPrice"]))?$_GET["S_ProductPrice"]:"") ?>" size="10" onblur="if (document.getElementById('priceRangeServerValidation')) document.getElementById('priceRangeServerValidation').style.display='none';" style="width: 114px;" />

and:

<input name="S_ProductPrice2" type="text" id="S_ProductPrice2" onblur="if (document.getElementById('priceRangeServerValidation')) document.getElementById('priceRangeServerValidation').style.display='none';" value="<?php echo((isset($_GET["S_ProductPrice2"]))?$_GET["S_ProductPrice2"]:"") ?>" size="10" style="width: 114px;" />

and checnge them to:

<input type="text" name="S_ProductPrice" id="S_ProductPrice" value="<?php echo((isset($_GET["S_ProductPrice"]))?str_replace("<","%3C",str_replace(">","%3E",str_replace('"',"%22", $_GET["S_ProductPrice"]))):"") ?>" size="10" onblur="if (document.getElementById('priceRangeServerValidation')) document.getElementById('priceRangeServerValidation').style.display='none';" style="width: 114px;" />

and:

<input name="S_ProductPrice2" type="text" id="S_ProductPrice2" onblur="if (document.getElementById('priceRangeServerValidation')) document.getElementById('priceRangeServerValidation').style.display='none';" value="<?php echo((isset($_GET["S_ProductPrice2"]))?str_replace("<","%3C",str_replace(">","%3E",str_replace('"',"%22", $_GET["S_ProductPrice2"]))):"") ?>" size="10" style="width: 114px;" />