htaccess help please?

need htaccess help

         

ohno

5:42 pm on Jun 8, 2011 (gmt 0)



I have an issue with an htaccess rule I think, basically we have a rule that rewrites URLs to SEO friendly ones, however, if any old rubbish is added to the URL it still gives the correct page. This would appear to be giving grief with a security scan.

eg, www.correctwebpage.php/url-rewrite works OK

www.correctwebpage.php/urlrewrite/any-old-rubbish still works OK

The scan provider is saying the invalid URL should give a 404 error.

Any ideas how?! TIA

g1smd

11:51 pm on Jun 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You need to sharpen up the pattern matching in your rules, so they match only the right URLs.

You have also misunderstood what a rewrite actually does. What it does is accept a URL request and rewrite that request to be handled by a non-default server-internal filepath and file.

URL rewrites cannot "change" URLs. URLs are changed only when you change the links on the pages of your site. URLs are defined in links. It is too late to "change" a URL after the link is clicked.

lucy24

11:55 pm on Jun 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



www.correctwebpage.php/url-rewrite works OK

www.correctwebpage.php/urlrewrite/any-old-rubbish still works OK

Sounds as if you are matching the beginning of the request but rewriting to a complete address. Maybe it's time for an example (using, ahem, example dot com ;)).

ohno

6:13 am on Jun 9, 2011 (gmt 0)



Thanks guys, I got the developer who did it on this, the code was :-

RewriteRule ^shop/([0-9]+)/.+$ shop2.php?id=$1 [NC]

Which has been changed to :-

RewriteRule ^shop/([0-9]+)/[^/]+/$ shop2.php?id=$1 [NC]

Incorrect URLs now give a 404 error, the security scan now does not find issues there but has now found this!


Possible blind sql injection on [example.com:443...] d=1
wp --bsql "https://www.example.com:443/shop2.php? id=1" "https://www.example.com:443/shop2.php?id=1+and+1%3D1" "https://www.example.com:443/shop2.php?id=1+and+1%3D0"
cat <<EOF > bsql.sh
curl -L -k "https://www.example.com:443/shop2.php?id=1+and+1%3D1"> a
curl -L -k "https://www.example.com:443/shop2.php?id=1+and+1%3D0"> b
diff a b
EOF
sh bsql.sh
This website may have other injection related vulnerabilities.

This site is running the same code as another that has no such issues, any ideas? Thanks

g1smd

7:17 am on Jun 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The change you made in the code stopped example.com/something/junk-here from working and instead changed the problem to be with example.com/something/junk-here/.

You didn't really fix the problem. You MUST get the script to also validate the second part, using $2.

ohno

7:26 am on Jun 9, 2011 (gmt 0)



OK, please bear with me as I know nothing about this! I simply change the above code to be $2 rather than $1 and that will fix it? Thanks for your help. (the guy doing this is more php based I think)

g1smd

6:25 pm on Jun 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You need to capture both parts of the URL and validate both $1 and $2 are valid for the request.

lucy24

7:56 pm on Jun 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It may help to see it in English.

Your first version:
RewriteRule ^shop/([0-9]+)/.+$ shop2.php?id=$1 [NC]

This version takes
shop/buncha numbers/any old stuff here


and replaces it with
shop2.php?id=the same numbers


throwing away everything after the numbers.


Your second version:
RewriteRule ^shop/([0-9]+)/[^/]+/$ shop2.php?id=$1 [NC]

This one takes
shop/buncha numbers/one more directory/


and replaces it with
shop2.php?id=the same numbers


again throwing away everything after the numbers. The only change is that the first version works on any input beginning with "shop/number/" while the second version only works on input in the form "shop/number/one more directory/"

As currently written, $2 would be meaningless because you've only captured one part of the request: the numbers immediately after "shop/"

Note that the dollar sign has two entirely different meanings. In the first part-- the user's request-- it means "end of the request". In the second part-- your rewrite-- it's followed by a number and means "put back the text you captured in the first part".
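
The point made above about capturing and validating both $1 and $2, as an added example that is not part of the thread or the site's own code: the two rules from the thread and an assumed two-capture variant are run over constructed request paths, with a constructed catalogue standing in for the shop database. The function names, the `slug` parameter and the catalogue entries are hypothetical.

```php
<?php
// Added example (not from the thread). Catalogue data is constructed; the
// 'both' rule is an assumed two-capture variant of the thread's second rule.
const CATALOGUE = [1 => 'blue-widget', 2 => 'red-widget'];

// [NC] becomes the "i" modifier; .htaccess patterns see the path without a leading slash.
const RULES = [
    'first'  => '#^shop/([0-9]+)/.+$#i',        // original rule
    'second' => '#^shop/([0-9]+)/[^/]+/$#i',    // developer's change
    'both'   => '#^shop/([0-9]+)/([^/]+)/$#i',  // assumed: shop2.php?id=$1&slug=$2
];

// The checks shop2.php itself has to make on what it receives; returns an HTTP status.
function shop2_status(string $id, ?string $slug): int
{
    // Digits only. This also covers direct requests to shop2.php?id=..., which
    // never pass through the [0-9]+ in the rewrite pattern.
    if (!preg_match('/\A[0-9]{1,9}\z/', $id)) {
        return 404;
    }
    // A real script would look the id up with a prepared statement, binding (int)$id.
    $known = CATALOGUE[(int)$id] ?? null;
    if ($known === null) {
        return 404;
    }
    // When the rule passes $2 along, it must be the one slug stored for this id.
    if ($slug !== null && $slug !== $known) {
        return 404;
    }
    return 200;
}

function request_status(string $rule, string $path): int
{
    if (!preg_match(RULES[$rule], $path, $m)) {
        return 404; // no rule matched, so nothing is rewritten to shop2.php
    }
    return shop2_status($m[1], $m[2] ?? null);
}

$paths = ['shop/1/blue-widget/', 'shop/1/blue-widget/junk', 'shop/1/junk-here/', 'shop/9/blue-widget/'];
foreach ($paths as $path) {
    printf("%-26s first=%d second=%d both=%d\n", $path,
        request_status('first', $path), request_status('second', $path), request_status('both', $path));
}
printf("%-26s direct=%d\n", 'shop2.php?id=1 and 1=1', shop2_status('1 and 1=1', null));
```

Run with `php` on the command line; only the two-capture rule combined with the slug check turns `shop/1/junk-here/` into a 404, and the last line shows the script-side check handling a request that bypasses the rewrite entirely.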

ohno

6:25 am on Jun 10, 2011 (gmt 0)



Thanks lucy24, unfortunately above my head! Do you know what I should try? I'll email what you said to the guy working on it too, hopefully will mean something to him! Basic HTML is about my limit!