PCI Compliance Scans Are Flagging Non-compliant Versions Of Miva Merchant

Up until now, it seems that even non-PCI-compliant versions of Miva Merchant were not being flagged by some PCI compliance scanning agencies such as SecurityMetrics. We came across a site that was being flagged as having ‘Possible blind sql injection’, followed by a bunch of links to the merchant's Miva Merchant store. PCI compliance scanners often raise false positives, and in fact this is one of those times, but simply running the latest streaming update from Miva within the Miva Merchant admin allowed this site to pass the scan. Your other option is to contact your PCI scanning company and alert them that this is a false positive, and hopefully they comply. You should check with a Miva specialist to make sure the streaming updates will not conflict with any modules or customizations that have been made to your store. It is also good practice to check that your additional modules are updated to the latest versions as well.

ALERT: Security Metrics PCI Compliance Scanning is now picking up on non-compliant versions of Miva Merchant.

SOLUTION: Stream the latest Miva Merchant updates from the Miva Admin (If it has been a while since the last time you ran the updates and your store is customized you may want to check with your web master or Miva Specialist before running the updates).

Problem Summary per Security Metrics:
Possible blind sql injection on http://www.domain.com/Merchant2/merchant.mvc?Category_Code=100&Current_Product_Code=&Store_Code=NTFL&Screen=OINF&Offset=&Attributes=Yes&%3FAction=ADPR
wp –bsql “http://www.domain.com/Merchant2/merchant.mvc?Category_Code=100&Current_Product_Code=&Store_Code=NTFL&Screen=OINF&Offset=&Attributes=Yes&%3FAction=ADPR” “http://www.domain.com/Merchant2/merchant.mvc?Category_Code=100&Current_Product_Code=&Store_Code=NTFL&Screen=OINF+and+1%3D1&Offset=&Attributes=Yes&%3FAction=ADPR” “http://www.domain.com/Merchant2/merchant.mvc?Category_Code=100&Current_Product_Code=&Store_Code=NTFL&Screen=OINF+and+1%3D0&Offset=&Attributes=Yes&%3FAction=ADPR”
POST
cat <<EOF > bsql.sh
curl -L -d “Category_Code=100&Current_Product_Code=&Store_Code=NTFL&Screen=OINF&Offset=&Attributes=Yes&%3FAction=ADPR” “http://www.domain.com/Merchant2/merchant
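
As an added example (not part of the original post and not Security Metrics' tooling), this Python script compares the three URLs quoted in the report above and reports which parameter the scanner altered and whether it sent both a true and a false condition, which is the detail to pass to your scanning company or Miva specialist when reviewing the finding. The function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The three URLs quoted in the scan report: the baseline and the two probes,
# which differ from it only in the Screen value.
BASE = ("http://www.domain.com/Merchant2/merchant.mvc?Category_Code=100"
        "&Current_Product_Code=&Store_Code=NTFL&Screen=OINF&Offset="
        "&Attributes=Yes&%3FAction=ADPR")
PROBE_A = BASE.replace("Screen=OINF", "Screen=OINF+and+1%3D1")
PROBE_B = BASE.replace("Screen=OINF", "Screen=OINF+and+1%3D0")

# Original value followed by "and N=M" / "or N=M" once the URL is decoded.
BOOL_SUFFIX = re.compile(
    r"^(?P<orig>.*?)\s+(?:and|or)\s+(?P<lhs>\d+)\s*=\s*(?P<rhs>\d+)$", re.I)

def params(url):
    """Decoded query parameters, keeping empty values such as Offset=."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))

def describe_probe(base_url, probe_url):
    """Return (parameter, original value, condition is true) or None."""
    base, probe = params(base_url), params(probe_url)
    diff = {k: v for k, v in probe.items() if base.get(k) != v}
    if len(diff) != 1:
        return None  # not a single-parameter probe
    name, new = next(iter(diff.items()))
    m = BOOL_SUFFIX.match(new)
    if not m or m["orig"] != base.get(name):
        return None  # changed, but not by appending a boolean condition
    return name, m["orig"], m["lhs"] == m["rhs"]

def summarize(base_url, probes):
    """Map each probed parameter to True if it got a true AND a false test."""
    seen = {}
    for probe in probes:
        found = describe_probe(base_url, probe)
        if found:
            seen.setdefault(found[0], set()).add(found[2])
    return {name: truths == {True, False} for name, truths in seen.items()}

if __name__ == "__main__":
    for url in (PROBE_A, PROBE_B):
        print(describe_probe(BASE, url))
    print(summarize(BASE, [PROBE_A, PROBE_B]))
```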

admin on January 29, 2010 | Filed Under  Miva Merchant Admin,PCI Compliance

Morditech Technologies ™ 2011. All rights reserved. Nos vincet
Miva Merchant Premier Web Host Partner located on Cape Cod in Sandwich, Massachusetts.