Need a first aid solution for vulnerability in scripts

Hi,

My site’s got below issue and I don’t really know how I can first-aid to this situation.
Any advice will be appreciated…

And all the action=“ is fixed to action=“”.

I attached two files:
- confirm.php
- 131_cvrs.php

|
|
|
|

Using the GET HTTP method, SiteLock found that :

+ The following resources may be vulnerable to arbitrary command execution (time based) :

+ The 'fax' parameter of the /parts/confirm.php CGI :

/parts/confirm.php?vto=&street2=&street1=&state_province=&exp_year=&exp_
month=&email=&del_detail=&cvv=&country=&Submit_order=Checkout&ad_detail=
&cc_number=&cc_type=&city=&postcode=&firstname=&lastname=&payee=&phone=&
fax=x%20%7C%7C%20ping%20-n%203%20127.0.0.1%20%26

-------- output --------

------------------------

+ The 'RCUK_2_ID_Add' parameter of the /parts/131_cvrs.php CGI :

/parts/131_cvrs.php?RCUK_View_100=View%20orders&RCUK_9_Quantity_Add=1&RC
UK_8_ID_Add=743&RCUK_8_ATC=Add%20to%20order&RCUK_7_Quantity_Add=1&RCUK_7
_Options_Add=402%2b%2fT%2fTop%2fM%2c%20for%20402%2b%2c%20traditional%20r
igger%2c%20top%20cox%2c%20mid%20section%20(1180cm%2f163cm)&RCUK_7_ID_Add
=742&RCUK_5_Quantity_Add=1&RCUK_5_Options_Add=402%2b%2fT%2fTop%2c%20for%
20402%2b%2c%20traditional%20rigger%2c%20top%20cox%20(1180cm%2f163cm)&RCU
K_5_ID_Add=740&RCUK_5_ATC=Add%20to%20order&RCUK_4_Quantity_Add=1&RCUK_3_
ID_Add=732&RCUK_3_ATC=Add%20to%20order&RCUK_2_Quantity_Add=1&RCUK_2_Opti
ons_Add=401-%2fW%2c%20for%20401-%2c%20wing%20rigger&RCUK_9_Options_Add=4
02%2b%2fT%2fSte%2c%20for%20402%2b%2c%20traditional%20rigger%2c%20stern%2
0cox%20(1180cm%2f163cm)&RCUK_12_Options_Add=402%2b%2fW%2fSte%2fM%2c%20fo
r%20402%2b%2c%20wing%20rigger%2c%20stern%20cox%2c%20mid%20section%20(118
0cm%2f163cm)&RCUK_12_ID_Add=747&RCUK_12_ATC=Add%20to%20order&RCUK_11_Qua
ntity_Add=1&RCUK_11_Options_Add=402%2b%2fT%2fSte%2fM%2c%20for%20402%2b%2
c%20traditional%20rigger%2c%20stern%20cox%2c%20mid%20section%20(1180cm%2
f163cm)&RCUK_11_ID_Add=746&RCUK_10_ATC=Add%20to%20order&RCUK_10_ID_Add=7
45&RCUK_10_Options_Add=402%2b%2fW%2fSte%2c%20for%20402%2b%2c%20wing%20ri
gger%2c%20stern%20cox%20(1180cm%2f163cm)&RCUK_10_Quantity_Add=1&RCUK_11_
ATC=Add%20to%20order&RCUK_12_Quantity_Add=1&RCUK_1_ATC=Add%20to%20order&
RCUK_1_ID_Add=730&RCUK_1_Options_Add=401-%2fT%2c%20for%20401-%2c%20tradi
tional%20rigger&RCUK_1_Quantity_Add=1&RCUK_2_ATC=Add%20to%20order&RCUK_3
_Options_Add=401-%2fT%2fM%2c%20for%20401-%2c%20traditional%20rigger%2c%2
0mid%20section&RCUK_3_Quantity_Add=1&RCUK_4_ATC=Add%20to%20order&RCUK_4_
ID_Add=733&RCUK_4_Options_Add=401-%2fW%2fM%2c%20for%20401-%2c%20wing%20r
igger%2c%20mid%20section&RCUK_6_ATC=Add%20to%20order&RCUK_6_ID_Add=741&R
CUK_6_Options_Add=402%2b%2fW%2fTop%2c%20for%20402%2b%2c%20wing%20rigger%
2c%20top%20cox%20(1180cm%2f163cm)&RCUK_6_Quantity_Add=1&RCUK_7_ATC=Add%2
0to%20order&RCUK_8_Options_Add=402%2b%2fW%2fTop%2fM%2c%20for%20402%2b%2c
%20wing%20rigger%2c%20top%20cox%2c%20mid%20section%20(1180cm%2f163cm)&RC
UK_8_Quantity_Add=1&RCUK_9_ATC=Add%20to%20order&RCUK_9_ID_Add=744&RCUK_2
_ID_Add=731%7C%7C%20ping%20-n%203%20127.0.0.1%20%26

-------- output --------

------------------------

Thank you so much for your help.
Rika

Can I have the url of the website to take a look?

On confirm.php, I see you have:
<form name="ecart_checkout_form" action=""<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">

it should just be:
<form name="ecart_checkout_form" action="" method="post">

Same thing on your 131_cvrs.php page... a lot of times you have forms with:
<form name="RCUK_9_ATC_<?php echo $row_xed4_05["ProductID"]; ?>" method="POST" action=""<?php echo $_SERVER["PHP_SELF"]; ?><?php echo (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")?"?".$_SERVER["QUERY_STRING"]:""; ?>">

That should just be:
<form name="RCUK_9_ATC_<?php echo $row_xed4_05["ProductID"]; ?>" method="POST" action="">

I'd start by going through all of your <form> tags and make sure they don't have any php code in them. Definitely shouldn't have any references to $_SERVER["QUERY_STRING"] on the page at all at this point.

Hi Ray,

Thank you for your reply & advice. I will do what you suggested and let you know hot it goes.

Rika