Topic: SQL Injection in search (1.1Beta)

Sergejack

« on: May 09, 2007, 11:18:26 am »
I found a part of the code that allows SQL injection using the search feature.

This file does the searching and is included in shop.browse.php.
I commented out the parts of the code that undo the SQL injection protection work done on $keyword.

shop_browse_queries.php
Code:
// This is the "normal" search
if( !empty($keyword) ) {
    $sq = "(";
    $keywords = explode( " ", $keyword, 10 );
    $numKeywords = count( $keywords );
    $i = 1;
    foreach( $keywords as $searchstring ) {
        /* SJ /*
        $searchstring = trim( stripslashes($searchstring) );
        */
        if( !empty( $searchstring )) {
            /* SJ /*
            if( $searchstring[0] == "\"" || $searchstring[0]=="'" )  {
                $searchstring[0] = " ";
            }
            if( $searchstring[strlen($searchstring)-1] == "\"" || $searchstring[strlen($searchstring)-1]=="'" ) {
                $searchstring[strlen($searchstring)-1] = " ";
            }
            $searchstring = trim( $searchstring );
            */
            $sq .= "\n (`#__{vm}_product`.`product_name` LIKE '%$searchstring%' OR ";
            $sq .= "\n `#__{vm}_product`.`product_sku` LIKE '%$searchstring%' OR ";
            $sq .= "\n `#__{vm}_product`.`product_s_desc` LIKE '%$searchstring%' OR ";
            $sq .= "\n `#__{vm}_product`.`product_desc` LIKE '%$searchstring%') ";
        }
        if( $i++ < $numKeywords ) {
            $sq .= "\n  AND ";
        }
    }
    $sq .= ")";
    $where_clause[] = $sq;
}

gwen

« Reply #1 on: May 04, 2008, 15:25:51 pm »
Hi,

I'm not sure I read your post correctly.
Do you have a solution for this?
Gwen ex-dev team member. I used virtuemart to build www.doudouplanet.com a very good experience for me !

korb

« Reply #2 on: May 15, 2008, 14:21:58 pm »
Well, that's bad. Please advise what we should do to prevent SQL injection in the search field.
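One way to answer the question above, as an added example that is not VirtueMart code and not from any poster in this thread: build the same four-column keyword clause with bound parameters so the search terms never become part of the SQL text. It assumes PHP 7.1+ with PDO and pdo_sqlite; the `product` table, the function names and the sample rows are constructed for illustration.

```php
<?php
// Added example: hypothetical helper names, constructed table and data.

/** Escape LIKE wildcards (using '!' as escape char) so input matches literally. */
function escape_like(string $term): string {
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/**
 * Build the keyword clause using placeholders only. Returns [sql, params].
 * Empty terms are dropped, so no dangling AND can appear in the clause.
 */
function build_search_clause(string $keyword, int $maxTerms = 10): array {
    $columns = ['product_name', 'product_sku', 'product_s_desc', 'product_desc'];
    $groups = [];
    $params = [];
    $terms = preg_split('/\s+/', trim($keyword), -1, PREG_SPLIT_NO_EMPTY);
    foreach (array_slice($terms, 0, $maxTerms) as $term) {
        $likes = [];
        foreach ($columns as $col) {   // column names are fixed, never user input
            $likes[] = "$col LIKE ? ESCAPE '!'";
            $params[] = '%' . escape_like($term) . '%';
        }
        $groups[] = '(' . implode(' OR ', $likes) . ')';
    }
    return [$groups ? '(' . implode(' AND ', $groups) . ')' : '', $params];
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product (product_name TEXT, product_sku TEXT,
            product_s_desc TEXT, product_desc TEXT)');
$pdo->exec("INSERT INTO product VALUES
            ('Red hammer', 'H-1', 'steel', 'A red claw hammer'),
            ('Blue saw', 'S-2', 'wood', '100% sharp')");

// Ordinary search, input containing quotes, and input containing a wildcard.
foreach (["red hammer", "x' OR '1'='1", "100%"] as $input) {
    [$clause, $params] = build_search_clause($input);
    $sql = 'SELECT product_name FROM product WHERE ' . ($clause ?: '1=1');
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);   // values travel separately from the SQL text
    printf("%-14s => %d row(s)\n", $input, count($stmt->fetchAll()));
}
```

The quoted input is matched as literal text, and `%` in a search term only matches a literal percent sign.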