SQL injection, admin password and email address vulnerability

[9902468]

Hi, just red this at Secunias site:

http://secunia.com/advisories/25412/

Seems that we have a problem. Well, no not really as here is the solution:

_dbquery.php, function sql_query($query), add this function to top to disallow ALL union queries. (None found from the system.)

Code:

      if(strpos(strtolower($query), "union") > 0 ){
            die ("Sql error.");
      }

To be on the safe side add these also. (Dies if the id is not numeric.)
product.main.php

Code:

  if( isset($_GET['id_product']) && !is_numeric($_GET['id_product']) ){
  die("Invalid product.");
  }

category.main.php

Code:

  if( isset($_GET['id_category']) && !is_numeric($_GET['id_category']) ){
  die("Invalid category.");
  }

Ofcourse, these checks should be added to every single primary key load, as the key is always number.
Hopefully cpCommerce is little safer again.

 - 99

[tinpalace]

My site was hacked today JUNE 27/07

Garbage text has been inserted into various fields in the DB. In process of resolving.

I'm sure the hackers visit this forum to get gratification for their mayhem.

Thank you for the code above. I am hoping that CPCommerce incorporates this into a release rather then every user having to make these changes themselves since I imagine that if we make these changes ourselves it will be harder to update with the next release.

______________

I am running v1.0.7.3 - Does anyone know if the above issue is addressed in 1.1.0 - thanks!!!

[cpradio]

This is completed in v1.2.0