Results 1 to 2 of 2

Hybrid View

  1. #1
    Join Date
    Mar 2005
    Location
    California
    Posts
    663
    Plugin Contributions
    0

    Default Any current vulnerabilities in sqlpatch.php ?

    My host is blocking access to the sqlpatch.php

    Are there any current vulnerabilities in this file? I run ZC 1.3.9h on some stores, 1.3.7 on others, I have installed all the patches mentioned here:
    http://www.zen-cart.com/showthread.p...ply-for-v1-3-x

    This is the error:
    ModSecurity: Access denied with code 403 (phase 2). Pattern match ".php" at REQUEST_URI. [file "/var/asl/rules/99_asl_jitp.conf"] [line "2183"] [id "380628"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit"] [severity "CRITICAL"] [hostname "www.removed.com"] [uri "/removed/sqlpatch.php"]


    They told me they can unblock it, but I want to make sure it's safe before they do that.

    Thanks.

  2. #2
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Any current vulnerabilities in sqlpatch.php ?

    If you are using v1.3.9h or newer, there is no vulnerability with sqlpatch.php

    But your 1.3.7 site shouldn't be trusted. You NEED to upgrade that site. Whether you've "patched" it or not.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. admin/sqlpatch.php bug
    By emupilot in forum Bug Reports
    Replies: 0
    Last Post: 29 Sep 2007, 11:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg