Simple SEO URL (OLD version) [support thread]

[Mark_88]

Managed a temporary fix-

That image wasn't actually there. Have had to create that path and move an image there, so it's working for now.

I think I may have uploaded some files to the wrong directory, so will take a look through the FTP logs now and see if anything went wrong on my part.

Thank you for your quick reply

[preman]

It seems the latest version is not available to download in this forum.
Could anybody offer the latest version ?
Thanks in advance.

[yellow1912]

It seems the latest version is not available to download in this forum.
Could anybody offer the latest version ?
Thanks in advance.

http://public.rubikintegration.com/

[bfmarini]

Hi there,

I've had this mod installed for a while now and everything is working great. I use the McAfee Secure service on our site and recently it's been catching vulnerabilities as a result of some apostrophes being placed in the url....

The test tries to launch the following URL ...

http://www.kids-n-cribs.com/?main_pa...ab5mj8l2kcj926

and the page returns the following error message:

1222 The used SELECT statements have a different number of columns
in:
[SELECT manufacturers_name FROM manufacturers WHERE manufacturers_id ='1 union select 1,' union select 1,'']


It's being caught as a vulnerability as it's revealing information about the underlying database.

Is there something I can do to catch these types of URL injections before they actually hit the database?

Thanks, Bryan

[yellow1912]

This really has nothing to do with ssu, i guess you better check your zencart version.

[bfmarini]

This really has nothing to do with ssu, i guess you better check your zencart version.

I'm using the most recent zencart and have an identical site running the same version, less the ssu that's not having the problem.

Do you have any ideas as to where this might be able to be fixed?

[yellow1912]

Editing: give me 5 mins to check
Just to make sure, please download 3.6.6 from the server (redownload even if you already have it). And then upload again

[bfmarini]

Editing: give me 5 mins to check
Just to make sure, please download 3.6.6 from the server (redownload even if you already have it). And then upload again

I've upgraded to 3.6.6 on our test site.

There is still an error message, but it's changed a bit

http://www.kids-n-cribs.info/?main_p...ab5mj8l2kcj926

1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'union select 1,'/%' ) AND status = 1 ORDER BY length(link_alias) DESC' at line 1
in:
[SELECT DISTINCT link_url, link_alias FROM links_aliases WHERE (link_url LIKE '%/manufacturers_id/%' OR link_url LIKE '%/1 union select 1,' union select 1,'/%' ) AND status = 1 ORDER BY length(link_alias) DESC]

Any other thoughts?

Edit: I went ahead and turned off SSU on our test site and the same link no longer displays an error message, but simply takes you to the home page and says there are no products to display in this category.

[yellow1912]

Huhm, weird, since I cant duplicate it, but try this

go to includes/classes/ssu/cores/alias.php

Find

PHP Code:

$name = "/$name/";
            $_name = "/$_name/"; 


Replace by

PHP Code:

            $name = zen_db_input("/$name/");
            $_name = zen_db_input("/$_name/");
            $id = zen_db_input($id); 


[bfmarini]

I made that change but the problem is still there.

I turned SSU back on, so you should see the error if you use this URL:

http://www.kids-n-cribs.info/?main_p...ab5mj8l2kcj926

From the error message, it looks like the SQL error is getting thrown in this group of code

// Aliases needed to be loaded on demand
static function retrieveAliasesOnDemand($params, $field, $compare, $links, $aliases, $status=null){
$elements_to_query = array_diff(explode('/',$params), self::$$compare);
if(count($elements_to_query) > 0) {
foreach($elements_to_query as $element){
$conditions[] = "$field LIKE '%/$element/%' ";
}
$conditions = implode(' OR ', $conditions);
$query_string = 'SELECT DISTINCT link_url, link_alias FROM '.TABLE_LINKS_ALIASES." WHERE ($conditions)";
$query_string .= !empty($status) ? " AND status = $status" : '';
$query_string .= " ORDER BY length(link_alias) DESC";
global $db;
$alias_result = $db->Execute($query_string);
while(!$alias_result->EOF){
array_push(self::$$aliases, $alias_result->fields['link_alias']);
array_push(self::$$links, $alias_result->fields['link_url']);
$alias_result->MoveNext();
}
}
}

Specifically where the SELECT DISTINCT ... .query is being created. Is there a way to sanitize the data as it's building the conditions array?