Post by HAO » Fri Aug 31, 2018 3:54 am

My website used to have a history of SQL injection attacks by hackers last year.

The reason is that the developer did not add the (int) string,

After repair, based on more than a year of observation, The problem has been solved.

But recently we have changed the new style, I am planning to make changes to all relevant code.

E.g:
$this->request->post['product_id']."'");
Changed to
(int)$this->request->post['product_id']."'");
Or
$this->request->post
Changed to
(int)$this->request->post
Replace with "post" and "get", add (int) or $this->db->escape() to achieve anti-SQL injection.

This is my advice from a friend, Excuse me, Like this change, can I avoid being SQL injection attacked?

My current version is: OpenCart 2.3.0.2 In the future, I might plan to upgrade to 3.1.x, Can I or need such an operation?
Last edited by HAO on Fri Aug 31, 2018 10:14 pm, edited 1 time in total.

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by thekrotek » Fri Aug 31, 2018 4:15 am

I don't really understand, how this can save you from SQL-injections. By (int) you basically convert the value from possible string to integer. But usually integer values are inserted in database table fields, which have INT or TINYINT type. If you pass something non-integer for such value, an SQL error will be returned. And, of course, you can't (int) the whole post array.

As for escape() function, it simply escapes special characters like quotes.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member
Online

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by HAO » Fri Aug 31, 2018 4:33 am

Frankly, I don’t understand why, But at the time the same module, the same file, just an action, I can avoid being hacked to perform SQL injection attacks.

Change step
$this->request->post['product_id']."'");
Changed to
(int)$this->request->post['product_id']."'");
For this I also purchased Acunetix's mock attack, The same error message does not appear again.

therefore, I just want to ask if I need to change such changes to all the code?

Because I don't want to have the problem of leakage of order information again.

If such an action is useful, I might consider it.

Thank you for your reply!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by straightlight » Fri Aug 31, 2018 5:10 am

The only problematic with these sanitizing changes are with the use of APIs. There are great number of engineers on the API server-end who developed their sanitizing technic stronger than others as they even insist on setting the parameter variables as is in order to validate those variables themselves automatically before submitting back a valid response.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com contractor officials representative


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by thekrotek » Fri Aug 31, 2018 5:18 am

HAO wrote:
Fri Aug 31, 2018 4:33 am
Frankly, I don’t understand why, But at the time the same module, the same file, just an action, I can avoid being hacked to perform SQL injection attacks.
No, you can not. You simply sanitize the input, that's all.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member
Online

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by HAO » Fri Aug 31, 2018 6:56 am

This is the code I was attacked by the hacker.
What do you mean, can I solve the problem by simply adding the string (int)?
if (!$json){
$result = $this->db->query("SELECT quantity,stock_status_id from ".DB_PREFIX."product where product_id = '".(int)$this->request->post['product_id']."'");
$product_qty = $result->row['quantity'];
$stock_status_id = $result->row['stock_status_id'];
if ($stock_status == '0'){
$stock_status_id = 0;
}

if (($product_qty < $product_qty) && ($stock_status_id == $stock_status)){
$json['error'] = $this->request->post['product_id'];
}
}

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by IP_CAM » Fri Aug 31, 2018 9:48 am

It would be interesting to know, if something like this possibly has some potitive
Effect on global SQL Security ? (Regardless of seemengly only be valid for 1.5.6.x )
Ernie
---
https://dev.mysql.com/doc/refman/5.7/en ... tions.html
https://dev.mysql.com/doc/refman/8.0/en ... enssl.html
---
Mysqli w/ SSL Certs
MySQLi with SSL support. This will allow for secure database communication via SSL.
This is the best way to add a layer of protection to your cart. Please follow the steps
exactly for this to work. There is a README included in the zip and the steps can also
be found in documentation section.
https://www.opencart.com/index.php?rout ... n_id=18572

I'm no longer quite active at the Forum, to reach me, better contact: jti@jacob.ch
My free Opencart LIGHT 1.5.6.5 Code is available on GitHub soon,
a Demoversion of it can be seen in Action here: http://www.bigmax.ch
930+ FREE OC Extension-Repositories - from OC v.1.5.x up, on the
world's largest OC-related Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by HAO » Fri Aug 31, 2018 10:04 am

I have compared the difference between the original 1.5.6.4 and this file, The question is, can I use this file directly as my DB_DRIVER?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by thekrotek » Fri Aug 31, 2018 2:25 pm

HAO wrote:
Fri Aug 31, 2018 6:56 am
This is the code I was attacked by the hacker.
What do you mean, can I solve the problem by simply adding the string (int)?
Do you even read my replies? I explained you TWO times already, what does (int) mean.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member
Online

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by straightlight » Fri Aug 31, 2018 7:01 pm

Unfortunately, it ain't about the mount of times OPs are being told on this forum. It's … rather about the mount of times a duplicated post, a duplicated topic and a repetitive reported case as if it was the first time reported that is being encountered … on a frequent basis on this forum.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com contractor officials representative


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by HAO » Fri Aug 31, 2018 10:13 pm

thekrotek wrote:
Fri Aug 31, 2018 2:25 pm
HAO wrote:
Fri Aug 31, 2018 6:56 am
This is the code I was attacked by the hacker.
What do you mean, can I solve the problem by simply adding the string (int)?
Do you even read my replies? I explained you TWO times already, what does (int) mean.
Sorry, I already understand, Thank you for your answer.

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm
Who is online

Users browsing this forum: No registered users and 8 guests