WordPress.org

MySQL Database Error Disclosure Vulnerability (5 posts)

  1. jas235032
    Member
    Posted 6 years ago #

    I have a blog set up as a subdirectory of my e-comm site and everything gets scanned for PCI compliance, etc. by scanalert. They found the following vulnerabilities that I need to get fixed:
    During our analysis of your web application, we were able to intentionally generate database specific errors. By causing a system to output errors such as these, it is often possible to determine the database version and inject database command syntax that would allow us to extract data.

    Their recommended fix is this:
    THE SINGLE BEST WAY TO FIX THIS VULNERABILITY IS TO IDENTIFY THE ACCEPTABLE INPUT FOR EACH FORM PARAMETER AND REJECT INPUT THAT DOES NOT MEET THAT CRITERIA.

    The following is an acceptable solution however it is not optimal.

    Implement content parsing on data input fields including URL parameters.

    Remove the following characters from any user or dynamic database input: (examples in VBScript)

    ' (escape the single quote) input = replace( input, "'", "''" )
    " (double quote) input = replace( input, """", "" )
    ) (close parenthesis) input = replace( input, ")", "" )
    ( (open parenthesis) input = replace( input, "(", "" )
    ; (semi-colon) input = replace( input, ";", "" )
    - (dash) input = replace( input, "-", "" )
    | (pipe) input = replace( input, "|", "" )

    On text input it is recommended to append quotes around the user supplied input.

    Where and how can I apply these changes?
    Thanks

  2. whooami
    Member
    Posted 6 years ago #

    They or you are going to need to identify what specifically is causing 'that' before anyone can help you.

    That, or you can suppress all mysql errors; that will fix that symptom but frankly, it would be wise to know what they are actually calling to cause the error before doing so.

  3. jas235032
    Member
    Posted 6 years ago #

    These are the queries they were using:
    Referer=https%3A%2F%2Fwww.amishroundtables.com%3A443%2F%3FMode%3Ddebug
    Cookie=whostmgrrelogin%3Dno
    Cookie=whostmgrsession%3Dclosed
    Cookie=cprelogin%3Dx%27%3B%22%2C%29%60
    Cookie=cpsession%3Dclosed
    Cookie=logintheme%3Dcpanel
    Cookie=webmailrelogin%3Dno
    Cookie=webmailsession%3Dclosed

    Thanks for your reply by the way
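
An added example, not part of the thread or of WordPress: it decodes the Cookie headers posted above and runs both fixes from the scan report over them. The allowlist pattern (one short lowercase word per cookie) and all function names are assumptions; the page does not state the acceptable values.

```python
import re
from urllib.parse import unquote

# Cookie header values exactly as posted in the thread (URL-encoded name=value).
POSTED_COOKIES = [
    "whostmgrrelogin%3Dno",
    "whostmgrsession%3Dclosed",
    "cprelogin%3Dx%27%3B%22%2C%29%60",
    "cpsession%3Dclosed",
    "logintheme%3Dcpanel",
    "webmailrelogin%3Dno",
    "webmailsession%3Dclosed",
]

# Assumed allowlist: each cookie may only hold a short lowercase word.
# The real set of acceptable values is not given on the page.
ALLOWED_VALUE = re.compile(r"[a-z]{1,16}")

# Characters the scan report says to delete; the single quote is doubled instead.
REPORT_STRIP = '")(;-|'


def decode(pair):
    """Split one URL-encoded 'name=value' pair into (name, value)."""
    name, _, value = unquote(pair).partition("=")
    return name, value


def allowlist_ok(value):
    """Report's preferred fix: accept only input matching the expected format."""
    return ALLOWED_VALUE.fullmatch(value) is not None


def report_filter(value):
    """Report's fallback fix: double single quotes, delete the listed characters."""
    value = value.replace("'", "''")
    return "".join(ch for ch in value if ch not in REPORT_STRIP)


def rejected(pairs):
    """Return {name: value} for every cookie the allowlist refuses."""
    decoded = (decode(p) for p in pairs)
    return {name: value for name, value in decoded if not allowlist_ok(value)}


if __name__ == "__main__":
    for name, value in rejected(POSTED_COOKIES).items():
        print(f"reject {name}={value!r}; character filter would pass {report_filter(value)!r}")
```

Only the `cprelogin` value is refused by the allowlist; the character filter lets a modified version of it through, because the comma and backtick in the scanner's probe are not on the report's removal list.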

  4. whooami
    Member
    Posted 6 years ago #

    Those aren't queries, those are the headers they sent. And even if I wanted to 'test' that, I can't since you haven't provided your own URL (I should have mentioned that before).

  5. jas235032
    Member
    Posted 6 years ago #

    It's been fixed by my hosting company. They had something configured funky. They didn't say what but it no longer happens.
    Who knows, servers are Greek to me! Oh well, at least they took care of it.
    Thanks for your time whooami. At least I know it's not WP related.

Topic Closed

This topic has been closed to new replies.