I am using 1.3.8a with the security patch installed.
I ran McAfee PCI test on the site. It reported a "Potentially Exploitable Database Error Message" error.
Details:
http ://www.salevalley.com/ad_click.asp/banner_id//'
Error message on the site:
1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/%' ) ORDER BY length(link_alias) DESC' at line 1
in:
[SELECT DISTINCT link_url, link_alias FROM links_aliases WHERE (link_alias LIKE '%/ad_click.asp/%' OR link_alias LIKE '%/banner_id/%' OR link_alias LIKE '%//%' OR link_alias LIKE '%/'/%' ) ORDER BY length(link_alias) DESC]
Please help me to solve this.
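The failure in the logged query and one way to remove it, as an added example that is not part of the original post or the shop software's own code. It assumes Python with SQLite standing in for the site's MySQL stack; `make_db`, `segments`, `lookup_concatenated`, `lookup_parameterized`, `escape_like` and `respond` are hypothetical names, and the sample path and table row are constructed.

```python
import logging
import sqlite3

SAMPLE_PATH = "/ad_click.asp/banner_id//'"  # constructed, modelled on the scan request

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links_aliases (link_url TEXT, link_alias TEXT)")
    db.execute("INSERT INTO links_aliases VALUES ('index.php?id=1', '/ad_click.asp/')")
    return db

def segments(path):
    # One LIKE term per path segment, empty segments included, as in the logged query.
    return path.strip("/").split("/")

def lookup_concatenated(db, path):
    # Weak form: segments are pasted into the SQL text, so a lone ' ends the literal early.
    terms = " OR ".join("link_alias LIKE '%/" + s + "/%'" for s in segments(path))
    sql = ("SELECT DISTINCT link_url, link_alias FROM links_aliases WHERE ("
           + terms + ") ORDER BY length(link_alias) DESC")
    return db.execute(sql).fetchall()

def escape_like(value):
    # Neutralise LIKE wildcards so a segment matches only itself.
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def lookup_parameterized(db, path):
    # Corrected form: the SQL text is fixed; segments travel as bound values.
    segs = segments(path)
    terms = " OR ".join(["link_alias LIKE ? ESCAPE '\\'"] * len(segs))
    sql = ("SELECT DISTINCT link_url, link_alias FROM links_aliases WHERE ("
           + terms + ") ORDER BY length(link_alias) DESC")
    return db.execute(sql, ["%/" + escape_like(s) + "/%" for s in segs]).fetchall()

def respond(db, path, lookup):
    # Keep database errors in the server log; the client gets a generic message.
    try:
        return 200, lookup(db, path)
    except sqlite3.Error as exc:
        logging.getLogger("aliases").error("alias lookup failed: %s", exc)
        return 500, "Internal error"

if __name__ == "__main__":
    db = make_db()
    print(respond(db, SAMPLE_PATH, lookup_concatenated))
    print(respond(db, SAMPLE_PATH, lookup_parameterized))
```

The scanner finding has two parts: the query breaks on a quote in the URL, and the database error text is shown to the visitor. The parameterized lookup addresses the first and the `respond` wrapper the second.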