In progress

SQL Error Disclosure

When an invalid string is added to my address, it discloses the SQL error on screen. It needs to be corrected to show some sort of generic error message so the error does not risk a leak of information which could result in a hack.

This is from McAfee Secure, the scanning software that I use on my site, which made me aware of the issue:

During our analysis of your web application, we were able to intentionally generate database specific errors. By causing a system to output errors such as these, it is often possible to determine the database version and inject database command syntax that would allow us to extract data.

The information gathered from the specific error responses generated using various input validation techniques by the web application scanner has determined the remote host may be running a MySQL database.

The extent of the damage that can be caused by this vulnerability varies greatly depending on environment and configuration. While input validation via webapp may cause a database to generate an error, the database configuration will also play an important role in determining how much it can be altered. A remote attacker may be able to gain access to very sensitive information, or gain administrative access.

Site is osCommerce and MySQL database.

Skills: PHP, SQL, Web Security

About the Employer:
( 42 reviews ) ramona, United States

Project ID: #482491

Awarded to:

Sotirov

Hello, I'm very experienced with osCommerce and database security. I can fix the error pretty fast if you choose me now, or tomorrow if you choose me later. I'll work on your server only after escrow payment. Regards,

$30 USD in 0 days
(58 reviews)
6.7

6 freelancers have bid an average of $35 for this job

wildCat

check pm, please

$60 USD in 1 day
(277 reviews)
8.2
cygital

I can fix it.

$30 USD in 0 days
(31 reviews)
5.9
devservice

Can fix it easy. Thanks.

$30 USD in 0 days
(93 reviews)
5.7
Miladin

Ready to start anytime.

$30 USD in 1 day
(30 reviews)
5.4
prayathana

I have already worked on osCommerce projects, and I would be glad to work on this issue too. I have 3 years of experience as a PHP programmer. Currently working as Senior Programmer.

$30 USD in 1 day
(0 reviews)
0.0