zeta
Starting Member
1 Post
Posted - 2009-03-29 : 15:19:20
My site is currently being attacked by a spammer/bot. After looking into this problem, there is some sort of security hole in the site. Does anyone here know how to fix this problem:

Platform
SQL 5.1.30
php 5.2.9

What is taking place
A remote attacker could send specially-crafted SQL statements to the toplists.php script using the list parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.

Problem
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.

References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MILW0RM:5785 URL:http://www.milw0rm.com/exploits/5785
BID:29658 URL:http://www.securityfocus.com/bid/29658
SECUNIA:30606 URL:http://secunia.com/advisories/30606
XF:efiction-toplists-sql-injection(42998) URL:http://xforce.iss.net/xforce/xfdb/42998

I really don't want to use captcha as a means to resolve this issue. Does anyone know how I can resolve this issue and make my site more secure?

Thanks
Zeta
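The kind of fix the advisory quoted above calls for, as an added example that is not part of the original post and is not eFiction's code: validate the `list` value and pass it to the database as a bound parameter instead of relying on magic_quotes_gpc. The `stories` table, its columns, the function names and the assumption that `list` is a positive integer id are all hypothetical, and an in-memory SQLite database stands in for the MySQL back end.

```php
<?php
// Added illustration only; table, columns and function names are hypothetical.

// Constructed in-memory database standing in for the site's back end.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stories (id INTEGER PRIMARY KEY, list_id INTEGER, title TEXT)');
$db->exec("INSERT INTO stories (list_id, title) VALUES (1, 'First')");
$db->exec("INSERT INTO stories (list_id, title) VALUES (1, 'Second')");
$db->exec("INSERT INTO stories (list_id, title) VALUES (2, 'Other')");

// Validate the raw request value. Assumption: "list" is a positive integer id.
// Returns the integer, or null when the value is anything else (arrays included).
function parse_list_param($raw)
{
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,8}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Look up the titles for one list. The request value never becomes part of
// the SQL text: it is validated first, then sent as a bound integer.
function fetch_list(PDO $db, $raw)
{
    $listId = parse_list_param($raw);
    if ($listId === null) {
        return null; // caller should answer with HTTP 400 and log the request
    }
    // The injectable pattern in general is string concatenation, e.g.
    //   "... WHERE list_id = " . $_GET['list']
    // which is only masked, not fixed, when magic_quotes_gpc is enabled.
    $stmt = $db->prepare('SELECT title FROM stories WHERE list_id = :list ORDER BY id');
    $stmt->bindValue(':list', $listId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs: one valid id, two malformed values.
foreach (array('1', '1 OR 1=1', array('1')) as $sample) {
    $rows = fetch_list($db, $sample);
    echo var_export($sample, true), ' => ',
        $rows === null ? 'rejected' : implode(', ', $rows), "\n";
}
```

The rejected requests are also worth logging, since repeated malformed `list` values against toplists.php are a direct indicator of the probing described in the post.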
robvolk
Most Valuable Yak
15732 Posts
Posted - 2009-03-29 : 17:24:50
We're a SQL Server site, with some support for ASP.Net; we don't support MySQL or PHP. There are plenty of sites that do, however.