Sandshot Software  
Half a Million Sites Hit with SQL Injection/XSS Attack - Was your StoreFront 5 site one?

About two weeks ago a past customer contacted me and said

"I'm getting script errors on all my pages now. There seems to be some <script . . ." tag embedded in all my product descriptions. I restored my SQL Server database but the next morning they were back."

This customer was running StoreFront 5.0 with a SQL Server backend. He had updated to the last release of 50.5, which made a minimal attempt at patching the SQL injection vulnerability, which in this case was exploited to introduce a cross-site scripting (XSS) attack on browsers visiting this person's site. Unfortunately, as with many patched sites, the patch was not completely applied. In this case I installed my SQL Injection Vulnerability patch and we restored the database. Sure enough, within an hour another attack came, though this time it was blocked and logged.

The next day I talked with another developer who uses a different shopping cart, and they had seen the same thing. In fact, this attack was fairly broad and hit hundreds of thousands of sites (Link 1, Link 2). Specific details of the attack are here. I repeated this process for a couple more sites, at least one of which used the services of HackerSafe. This site in particular bothered me because it was a completely unpatched site, wide open for the taking, and yet HackerSafe had never flagged them. The irony was that the SQL Injection Patch I built was done specifically because HackerSafe had flagged another site; go figure.

What you can do:

  1. Turn off detailed error reporting or install a custom error handler. This wouldn't have prevented this specific attack, but it might have prevented a site from being flagged as a target to begin with.
  2. If you are running StoreFront 5.0, make sure you update to the last 50.5 patch. It is by no means perfect, but it generally passes most automated probes.
  3. Consider adding my StoreFront 5.0 SQL Injection patch. I don't pretend it is foolproof, as it is still just a patch trying to protect basically insecure code, but it has proven effective thus far.
  4. If you have been thinking about switching to a new cart, this should help your decision.
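To check whether stored text has been hit the way the customer's product descriptions were, the following added example (not part of the original article or of StoreFront) scans exported rows for embedded `<script>` tags, tallies the hosts they load from, and returns cleaned text. The row layout, the sample data and the `injected.example` host are constructed, and it assumes legitimate descriptions never contain script tags.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# A complete <script ...>...</script> element, a lone opening tag, or an
# opening tag cut short at the end of the field (e.g. by a column length limit).
SCRIPT_RE = re.compile(r"<script\b[^>]*>(?:.*?</script\s*>)?|<script\b[^>]*$",
                       re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)

# Constructed sample rows: (row id, description text) as exported from a
# hypothetical product table.
SAMPLE_ROWS = [
    (1, 'Blue widget, 10 cm.'),
    (2, 'Red widget<script src="http://injected.example/b.js"></script>'),
    (3, 'Green widget<script src=http://injected.example/b.js></script>'
        '<script src=http://injected.example/b.js></script>'),
    (4, 'Long description cut off by column width<script src=http://injec'),
]

def audit_rows(rows):
    """Return (findings, hosts) for an iterable of (row_id, text).

    findings: [(row_id, cleaned_text)] for each row containing a script tag.
    hosts: Counter of the hosts those tags referenced.
    """
    findings, hosts = [], Counter()
    for row_id, text in rows:
        text = text or ""
        tags = [m.group(0) for m in SCRIPT_RE.finditer(text)]
        if not tags:
            continue
        for tag in tags:
            src = SRC_RE.search(tag)
            if src:
                hosts[urlparse(src.group(1)).hostname or "(relative)"] += 1
            else:
                hosts["(inline)"] += 1
        findings.append((row_id, SCRIPT_RE.sub("", text).rstrip()))
    return findings, hosts

if __name__ == "__main__":
    found, seen_hosts = audit_rows(SAMPLE_ROWS)
    for row_id, cleaned in found:
        print(f"row {row_id}: script tag found; cleaned text = {cleaned!r}")
    for host, count in seen_hosts.most_common():
        print(f"{count} tag(s) referencing {host}")
```

Cleaning the data does not close the hole: as the customer above found, restored data is hit again until the injection point itself is patched.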

 


This article was last updated on Wednesday, April 30, 2008 12:00:00 AM
