Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - SQL Injection attack warnings after upgrade
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

SQL Injection attack warnings after upgrade
 Post Reply Post Reply Page  12>
Author
  Topic Search Topic Search  Topic Options Topic Options
RadioActiveLamb View Drop Down
Groupie
Groupie


Joined: 29 December 2005
Location: United States
Status: Offline
Points: 171 		Post Options Post Options   Thanks (0) Thanks(0)   Quote RadioActiveLamb Quote  Post ReplyReply Direct Link To This Post Topic: SQL Injection attack warnings after upgrade
    Posted: 19 March 2009 at 11:44pm
I'm getting this error by visiting a forum or by opening certain topics. I have the new version running in a different folder than my current 9.54 version for testing. I think the error is a false positive because one of the forums I'm trying to view is one where I hold admin-only messages that are not available to the general public. 9.54 opens the messages without error.


Server Error in Forum Application
WARNING: SQL Injection attack detected.
Please contact the forum administrator.

Support Error Code:- err_SQLServer_SqlInjectionTest()
File Name:- functions_filters.asp

Error details:-
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2009 at 7:48am
Could be a corrupted file or a bug that was fixed.

Try upgrading to the latest release.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
Martin Falck View Drop Down
Newbie
Newbie
Avatar

Joined: 21 March 2006
Location: Denmark
Status: Offline
Points: 39 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Martin Falck Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2009 at 8:21am
I get the same after upgrade, and when i/admin wrote som topic and i have the the latest release:

Server Error in Forum Application
WARNING: SQL Injection attack detected.
Please contact the forum administrator.

Support Error Code:- err_mySQL_SqlInjectionTest()
File Name:- functions_filters.asp

Error details:-
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2009 at 8:23am
Would need to see a link to the page you are having problems with to be able to tell what the issue is.

It's possibly something within the page name, or querysting which is a keyword in an SQL Injection attack and it is that which is coursing the problem.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
Martin Falck View Drop Down
Newbie
Newbie
Avatar

Joined: 21 March 2006
Location: Denmark
Status: Offline
Points: 39 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Martin Falck Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2009 at 8:24am
  in the update of forum

http://fodboldsnak.dk/
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2009 at 8:41am
OK I see now the page with the problem. To fix this open the file forum_posts.asp in a text editor and at line 182 add the following line:-


If Request.QueryString("title") <> "" Then strPageQueryString = Replace(strPageQueryString, Request.QueryString("title"), "")
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
Martin Falck View Drop Down
Newbie
Newbie
Avatar

Joined: 21 March 2006
Location: Denmark
Status: Offline
Points: 39 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Martin Falck Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2009 at 8:49am
Back to Top
RadioActiveLamb View Drop Down
Groupie
Groupie


Joined: 29 December 2005
Location: United States
Status: Offline
Points: 171 		Post Options Post Options   Thanks (0) Thanks(0)   Quote RadioActiveLamb Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2009 at 4:27pm
Mine isn't okay yet. I can't visit this "admin-only" forum. You won't either, because you aren't an admin. Here's the link anyway:
 
 
The fix you gave repaired the individual post error, but not this forum or list of topics. Do you have a similar fix for the forum_topics.asp code?
 
Thanks
 
Back to Top
 Post Reply Post Reply Page  12>

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.