SQL Injection attack warnings after upgrade

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 20 March 2009 at 4:29pm
Yes, a new 9.56a version has just been released which patches this issue and prevents the false positives.

You can download 9.56a from the Web Wiz Forums download page.

RadioActiveLamb (Groupie) - Posted: 20 March 2009 at 5:21pm
9.56a installed, works great! Thank you

kiklop (Groupie) - Posted: 03 April 2009 at 9:57am
I just found one case in which the warning showed up (when using the search option in our forum and clicking on one result):

http://www.dyxum.com/dforum//forum_posts.asp?TID=44423&KW=100-200&PID=478690&title=ud3-30-min-span-classhighlight100-200-span-f45-100-300-apo-d-price-drop#478690

Searched term was "100-200".

I have already updated to 9.56a.

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 03 April 2009 at 10:26am
It looks like this rare issue can happen if the keywords being searched are also in the subject of the topic and the topic subject contains content that could be used in an SQL Injection attack.

The issue has been fixed for the next release, but does not affect those using URL Rewriting.

If your server supports it, I would recommend using URL rewriting; not only do you get SEO-friendly HTML page names, but you also get better security.

kiklop (Groupie) - Posted: 03 April 2009 at 12:27pm
Thanks Bruce; it isn't a big deal (it is really an exception), I just wanted to let you know about it (if there is a simple code modification that resolves it, it would be great).

As for URL Rewriting, I'm waiting for my host company to install it on the server (they are slow with such things but excellent on others).