Hi,
I use sitelock for my website which scans the website daily for viruses. I got an email from sitelock saying that 1 critical vulnerability has been detected.
[url]http://www.mysite.com/product-category[/url]
/product-name.html?sort_by%3Dpopularity%26
sort_order%3Ddesc
Sql Injection Info: Injection point : GET,Injection parameter :
sort_by,Injection type : stringdouble
Any ideas on how to fix this?
Thank you.
What version are you using?
That’s also a very generic message looking for keywords in GET parameters without being able to follow through and determine if the ‘value’ is compared against known values rather than being used blindly.
Its version 2.2
Any suggestions on how to fix it?
Dear rock007,
We investigated this problem thoroughly and failed to find any reasons for the
occurrence of this message from your scanner.
We do not use unverified information in sql requests.
This situation seems to be a scanner malfunction.
There is nothing to worry about.
Kind Regards.
Can you tell me the location of this .html page which contains all this code.
i mean where is this [url]http://www.mysite.com/product-category[/url]
Do i find it in Skins directory or…?
Thank you.