Cross site scripting problem

Thread began 12/09/2010 3:35 pm by bchilds | Last modified 12/10/2010 10:54 am by Jason Byrnes | 1490 views | 7 replies |

bchilds


I am getting an XSS error

Products_Detail.php?ProductID=6"><script>alert(123)<%2Fscript>"

PHP page attached...

Please help if you can... I am at wits end.

BChilds

PS. If there are any PHP programmers out there with e-commerce/PCI experience who are looking, please drop me a line. jobs@smokehouse.ca

Attached Files
Products_Detail.zip

Jason Byrnes (WebAssist)

What version of PowerStore is this? If it is version 3, this was fixed in the 3.01 update.

Otherwise, please post a link where I can see the problem so I can investigate.


bchilds

Products_Detail.php?ProductID=137

Unfortunately, PowerStore 2.

Injection example...
Products_Detail.php?ProductID=6%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E%22|


Jason Byrnes (WebAssist)

On the product detail page, change line 600:

php:
$query_OptionValues = sprintf("SELECT options.OptionName, productoptions.ProductID, products.ProductLive FROM options INNER JOIN productoptions ON productoptions.OptionID = options.OptionID INNER JOIN products ON products.ProductID = productoptions.ProductID WHERE OptionGroupID = ".$row_ProductOptions['OptionGroupID']."  AND GroupingID = (SELECT GroupingID FROM productoptions WHERE productoptions.ProductID = ".$PIDParam_ProductOptions." LIMIT 1) ".$AddToWhere." ORDER BY OptionName", GetSQLValueString($OGIDParam_OptionValues, "int"));


to:

php:
$query_OptionValues = sprintf("SELECT options.OptionName, productoptions.ProductID, products.ProductLive FROM options INNER JOIN productoptions ON productoptions.OptionID = options.OptionID INNER JOIN products ON products.ProductID = productoptions.ProductID WHERE OptionGroupID = ".$row_ProductOptions['OptionGroupID']."  AND GroupingID = (SELECT GroupingID FROM productoptions WHERE productoptions.ProductID = %s LIMIT 1) ".$AddToWhere." ORDER BY OptionName", GetSQLValueString($OGIDParam_OptionValues, "int"), GetSQLValueString($PIDParam_ProductOptions, "int"));

bchilds

OK, you're very close... but

I tried that but I'm losing my product options in the drop down menu.

Products_Detail_new.php?ProductID=1

Bchilds


Jason Byrnes (WebAssist)

In testing on my copy of the PowerStore 2 details page, I cannot reproduce the problem you are experiencing.

Investigating the detail page further, I see a lot of customization: record sets that have been added, tables that have been added. The custom coding is rendering this details page unsupportable.


bchilds

Hi Jason

I figured it out. Your solution, although it didn't help me right away, showed me where the problem was occurring and I was able to go from there.

You had the order of the calls to the function GetSQLValueString reversed in your solution.

Thanks for all your help! You saved me much agony.

Cheers,

BChilds

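The sprintf() argument-order problem that Jason's line-600 fix introduced and bchilds then corrected, shown as an added example. This is not code from the original page, from PowerStore or from WebAssist: GetSQLValueString() below is a simplified stand-in for the Dreamweaver-generated helper (assumed behaviour: "int" reduces the value to a bare integer or NULL, "text" escapes and quotes it), the OptionGroupID value is made up, and the hostile ProductID is the decoded payload from the thread's URL.

```php
<?php
// Added example (not PowerStore's or WebAssist's code). The helper below is an
// assumed, simplified stand-in for the Dreamweaver-generated GetSQLValueString();
// the real one also handles "double", "date", "defined" and uses driver escaping.
function GetSQLValueString($theValue, $theType)
{
    if ($theValue === "" || $theValue === null) {
        return "NULL";
    }
    switch ($theType) {
        case "int":
            // intval() keeps only the leading digits: '6"><script>...' becomes 6.
            return (string) intval($theValue);
        case "text":
            // Placeholder for mysqli_real_escape_string(); good enough for the demo.
            return "'" . addslashes($theValue) . "'";
        default:
            return "NULL";
    }
}

// Constructed input: the decoded ProductID from the URL in the thread, plus an
// assumed OptionGroupID (the thread never shows its value).
$PIDParam_ProductOptions = '6"><script>alert(123)</script>"';
$OGIDParam_OptionValues  = "3";

$sql = "SELECT GroupingID FROM productoptions WHERE productoptions.ProductID = %s LIMIT 1";

// 1. The pattern of the original line 600: the parameter is concatenated raw, so the
//    script payload travels into the query text unchanged. Anything that later echoes
//    that value (an error message, a hidden field, a link) puts it in the page unencoded.
$unsafe = str_replace("%s", $PIDParam_ProductOptions, $sql);
// -> ... ProductID = 6"><script>alert(123)</script>" LIMIT 1

// 2. The fix as first posted: sprintf() binds %s placeholders to its arguments in
//    order, so the single ProductID placeholder receives the OptionGroupID argument.
//    Extra arguments are silently ignored in PHP, which is why nothing errored; the
//    query simply ran for the wrong product, and the options drop-down came back empty.
$reversed = sprintf(
    $sql,
    GetSQLValueString($OGIDParam_OptionValues, "int"),
    GetSQLValueString($PIDParam_ProductOptions, "int")
);
// -> ... ProductID = 3 LIMIT 1

// 3. The corrected order: the ProductID argument fills the ProductID placeholder,
//    and the integer cast strips the injected markup before it reaches the database.
$fixed = sprintf(
    $sql,
    GetSQLValueString($PIDParam_ProductOptions, "int")
);
// -> ... ProductID = 6 LIMIT 1

// 4. Output side of the same parameter. Casting covers the query, but any place that
//    reflects ProductID back into HTML still needs encoding; do both, not one.
$safeId = intval($PIDParam_ProductOptions);
$hidden = '<input type="hidden" name="ProductID" value="'
        . htmlspecialchars((string) $safeId, ENT_QUOTES, 'UTF-8') . '">';

echo $unsafe, "\n", $reversed, "\n", $fixed, "\n", $hidden, "\n";
```

A quick check when applying a fix like this to a customized page: count the %s placeholders in the format string and read the sprintf() arguments left to right against them. Every placeholder must line up with the argument that carries its value, and any argument left over is unused, which PHP will not warn about.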

Jason Byrnes (WebAssist)

Great, glad to hear that it is working.
