I use sitelock for my website which scans the website daily for viruses. I got an email from sitelock saying that 1 critical vulnerability has been detected.
Sql Injection Info: Injection point : GET,Injection parameter :
sort_by,Injection type : stringdouble
Any ideas on how to fix this?
What version are you using?
That’s also a very generic message looking for keywords in GET parameters without being able to follow through and determine if the ‘value’ is compared against known values rather than being used blindly.
Its version 2.2
Any suggestions on how to fix it?
We investigated this problem thoroughly and failed to find any reasons for the
occurrence of this message from your scanner.
We do not use unverified information in sql requests.
This situation seems to be a scanner malfunction.
There is nothing to worry about.
Can you tell me the location of this .html page which contains all this code.
i mean where is this [url]http://www.mysite.com/product-category[/url]
Do i find it in Skins directory or…?