Results 1 to 2 of 2
  1. #1
    Join Date
    Apr 2012

    SQL Injection Protection Escaping Queries

    What has SunShop done in the latest release to protect against SQL injections?

    Looking at the latest source code from SunShop. I'm not impressed with the direct calls to Globals in SQL queries. For example:
    Line 478 in global.php:
    PHP Code:
                $prod $DB_site->query_first("SELECT * FROM `".$dbprefix."orders_products` where `orderid`='".$_GET[oid]."' AND `productid`='".$_GET[pid]."'"); 
    Hrm, maybe we are escaping the queries in query_first()... Nope.
    PHP Code:
        function query_first($query_string) {
    $query_id $this->query($query_string);
    $returnarray $this->fetch_assoc($query_id$query_string);
    So the million dollar question is: What is keeping an attacker from using this to their advantage?

  2. #2
    Join Date
    Aug 2006
    San Diego, CA
    All variables are cleaned in the libsecure.php file before that are used in any of the code. The libsecure.php is the first file called so everything passes through that file.
    Chris Talavera
    Turnkey Web Tools, Inc.

Similar Threads

  1. avail_to, what does this do for queries?
    By entee in forum Troubleshooting and Problems
    Replies: 2
    Last Post: 01-13-2012, 06:24 AM
  2. Customization related queries(help)
    By archunan in forum Services & For Sale
    Replies: 0
    Last Post: 11-30-2009, 10:10 PM
  3. Replies: 1
    Last Post: 02-05-2009, 04:45 PM
  4. PHP Injection Exploit issues
    By rcullet in forum Troubleshooting and Problems
    Replies: 8
    Last Post: 11-11-2008, 01:44 PM
  5. Paypal Check out protection
    By saw in forum General Discussion
    Replies: 2
    Last Post: 03-27-2006, 01:46 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts