Web Wiz Support and Community Forums : SQL Injections?

Web Wiz Support and Community Forums : SQL Injections? https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Mon, 13 Apr 2026 15:20:14 +0000 Tue, 26 Jul 2005 14:05:15 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=15660 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[SQL Injections? : WWF does seem to be well secured...]]> https://forums.webwiz.net/sql-injections_topic15660_post87727.html#87727 Author: JJLatWebWiz
Subject: 15660
Posted: 26 July 2005 at 2:05pm

WWF does seem to be well secured against SQL Injection exploits. I haven't gone through every last input field to make sure it uses the formatInput and formatSQLInput function, but coverage seems comprehensive. Here is a good introduction to SQL Injection attacks with some good examples to test: http://www.unixwiz.net/techtips/sql-injection.html

One area of vulnerability in WWF compared to the examples in the site above is that an attacker can easily acquire the entire source code and can know with near absolute certainty the name of every table and field.

Even if WWF were wide open to SQL Injection exploits, using SQL Injection alone, an attacker could not acquire a user password in order to act as that user. Using SQL Injection and still assuming WWF were vulnerable, an attacker could change the user email address and then reset the password in order to act as that user after the reset. Obviously the legitimate user could no longer log in with the old password and the email address would be a telltail sign of the attack.

]]> Tue, 26 Jul 2005 14:05:15 +0000 https://forums.webwiz.net/sql-injections_topic15660_post87727.html#87727 <![CDATA[SQL Injections? : He said something like "find...]]> https://forums.webwiz.net/sql-injections_topic15660_post86381.html#86381 Author: UnderWarrior
Subject: 15660
Posted: 04 July 2005 at 5:17am

He said something like "find yourself, i won't tell". guess you're right]]> Mon, 04 Jul 2005 05:17:51 +0000 https://forums.webwiz.net/sql-injections_topic15660_post86381.html#86381 <![CDATA[SQL Injections? : Have him e-mail you exactly what...]]> https://forums.webwiz.net/sql-injections_topic15660_post86357.html#86357 Author: wistex
Subject: 15660
Posted: 03 July 2005 at 8:39pm

Have him e-mail you exactly what he did. I bet he won't. He's probably bluffing since he probably did what Borg suggested instead.]]> Sun, 03 Jul 2005 20:39:42 +0000 https://forums.webwiz.net/sql-injections_topic15660_post86357.html#86357 <![CDATA[SQL Injections? : WWF is good at detecting SQL injection....]]> https://forums.webwiz.net/sql-injections_topic15660_post86356.html#86356 Author: wistex
Subject: 15660
Posted: 03 July 2005 at 8:38pm

WWF is good at detecting SQL injection. I've had WWF tested by a friend of mine and he couldn't get in using that trick.

WWF's security is so good, that I use it to power the login for my entire website. Any other scripts I install, I modify to use WWF to handle members and login/logout. Some of the other scripts I have purchased or downloaded from other people were vulnerable to that kind of attack, so modifying it to use WWF's member management made those scripts secure.

]]> Sun, 03 Jul 2005 20:38:11 +0000 https://forums.webwiz.net/sql-injections_topic15660_post86356.html#86356 <![CDATA[SQL Injections? : All input is carefully screened...]]> https://forums.webwiz.net/sql-injections_topic15660_post86056.html#86056 Author: WebWiz-Bruce
Subject: 15660
Posted: 29 June 2005 at 11:35am

All input is carefully screened using specially created filters ,functions, etc. (over 3 months full-time work and 500 hours where spenton these filters and other security protection) to prevent any type ofSQL injection.

Usually if someone gets in as another users it is becuase they haveused an easy to guess password, or they used a shared computer and usedthe auto-login feature.
]]> Wed, 29 Jun 2005 11:35:50 +0000 https://forums.webwiz.net/sql-injections_topic15660_post86056.html#86056 <![CDATA[SQL Injections? : one person took control on other...]]> https://forums.webwiz.net/sql-injections_topic15660_post86054.html#86054 Author: UnderWarrior
Subject: 15660
Posted: 29 June 2005 at 10:54am

one person took control on other user in my forum, and he said he done that using sql injection in the forum.

Is there any such known vuln' for version 7.91?
]]> Wed, 29 Jun 2005 10:54:17 +0000 https://forums.webwiz.net/sql-injections_topic15660_post86054.html#86054