PCI Compliance issues
Posted: Wed Feb 22, 2012 11:42 pm
Just had Vulnerability scan from Security Metrics. We failed on the following thing.
Description: MyBB member.php and newreply.php Multiple Cross Site Scripting Vulnerabilities
Severity: Area of Concern
CVE: CVE-2010-4522
Impact: Vulnerabilities in MyBB (also known as MyBulletinBoard) allow for SQL and HTML injection as well as detection and deletion of sensitive information in the SQL database. Additionally, myBB administrator passwords can be revealed.
Resolution [http://www.mybboard.net/downloads.php]: Upgrade MyBB to version 1.6.5 or higher.
Vulnerability Details:
Service: http
Sent: GET /member.php?action=login&url=javascript: alert%28'SAINT'%29 HTTP/1.0
Host: http://(edit - removed)
User-Agent: Mozilla/4.0
Connection: Keep-alive
Received: <div class="option"> <a onclick="$('input[name=\'language_code\']').attr('value', 'en'); $('#language_form').submit();"><img src="image/flags/gb.png" alt="English" /> English</a> </div> </div> <div> <input type="hidden" name="language_code" value="" /> <input type="hidden" name="redirect" value="http://(edit -removed) index.php?route=error/not_found&action=login&url=javascript:alert('SAINT')"
This is all the information I have. We do not use MyBB. The guy at Security Metrics has admitted it's a false positive; however, they won't drop the risk until I give them a dispute statement explaining what we are doing to sanitize HTML and prevent XSS.
I am guessing that OpenCart sanitizes HTML in the URLs. Can anyone explain how, or give me anything that I can send to them to get them to sign everything off?
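Added example, not OpenCart's code and not part of the original post: a Python sketch of the two controls a dispute statement for this kind of finding usually describes. The scanner's probe put a javascript: URL in the url parameter and matched it when the page reflected it into a hidden input's value attribute. Escaping the value for an HTML attribute context keeps a reflected string from closing the attribute, and validating the redirect target before it is ever used means a javascript: URL is replaced by a safe fallback. The function names, the allowed host set and the fallback path are assumptions chosen for the example.

```python
import html
from urllib.parse import urlsplit

# Only these schemes may appear in an absolute redirect target.
ALLOWED_SCHEMES = {"http", "https"}


def escape_attr(value: str) -> str:
    """Escape a string for a double-quoted HTML attribute.

    html.escape(quote=True) rewrites & < > " and ' so the value can
    neither close the attribute nor start a new tag.
    """
    return html.escape(value, quote=True)


def is_safe_redirect(url: str, allowed_hosts) -> bool:
    """Accept a local path or an http(s) URL on one of our own hosts.

    Anything else (javascript:, data:, protocol-relative //host,
    off-site absolute URLs) is rejected.
    """
    candidate = url.strip()
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path: must start with a single '/' (not '//').
        return candidate.startswith("/") and not candidate.startswith("//")
    return parts.scheme.lower() in ALLOWED_SCHEMES and parts.hostname in allowed_hosts


def render_hidden_redirect(redirect: str, allowed_hosts, fallback: str = "/index.php") -> str:
    """Build the hidden 'redirect' input the scanner saw, safely.

    The target is validated first, then escaped for the attribute context,
    so the output is inert even for the scanner's probe string.
    """
    target = redirect if is_safe_redirect(redirect, allowed_hosts) else fallback
    return '<input type="hidden" name="redirect" value="%s" />' % escape_attr(target)


if __name__ == "__main__":
    # Constructed inputs: the probe from the scan report and a normal local path.
    hosts = {"shop.example"}  # assumed: the site's own hostname
    print(render_hidden_redirect("javascript:alert('SAINT')", hosts))
    print(render_hidden_redirect("/index.php?route=error/not_found&url=x", hosts))
    print(render_hidden_redirect('x" onmouseover="alert(1)', hosts))
```

The escape step is what makes the reflected string harmless in an attribute; the validation step is what keeps a javascript: target out of any later href or Location header. Both are worth naming separately in a dispute statement, since the scanner only exercised the first.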