SQL Injection attack (?)

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Recently I have been experiencing this bug: when I search (with the Search function) for a thread and find it, when I click on it to enter it, I get this error:

Server Error in Forum Application
WARNING: SQL Injection attack detected.
Please contact the forum administrator.

Support Error Code:- err_SQLServer_SqlInjectionTest()
File Name:- functions_common.asp

Error details:-

It has happened not with one thread, but with more of them. Here's an example: http://www.progarchives.com/forum/search_results_posts.asp?SearchID=20101002083230&KW=index+free

When you click on the found thread, does it give you the same error or does it open the thread?

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
harmonium.ro Members Profile Send Private Message Find Members Posts Add to Buddy List Reviewer page Special Collaborator Honorary Collaborator / Retired Admin Joined: August 18 2008 Location: Anna Calvi Status: Offline Points: 22989	Topic: SQL Injection attack (?) Posted: October 02 2010 at 08:35
	Recently I have been experiencing this bug: when I search (with the Search function) for a thread and find it, when I click on it to enter it, I get this error: Server Error in Forum Application WARNING: SQL Injection attack detected. Please contact the forum administrator. Support Error Code:- err_SQLServer_SqlInjectionTest() File Name:- functions_common.asp Error details:- It has happened not with one thread, but with more of them. Here's an example: http://www.progarchives.com/forum/search_results_posts.asp?SearchID=20101002083230&KW=index+free When you click on the found thread, does it give you the same error or does it open the thread?

M@X Members Profile Send Private Message Find Members Posts Add to Buddy List Reviewer page Forum & Site Admin Group Co-founder, Admin & Webmaster Joined: January 29 2004 Location: Canada Status: Offline Points: 4051	Posted: October 02 2010 at 08:38
	You can access the page by removing the part "&KW=index+free" in the example you provide. It's because some keyword are protected to prevent SQL injection in URL. Acceptable Solution ??
	Prog On !

harmonium.ro Members Profile Send Private Message Find Members Posts Add to Buddy List Reviewer page Special Collaborator Honorary Collaborator / Retired Admin Joined: August 18 2008 Location: Anna Calvi Status: Offline Points: 22989	Posted: October 02 2010 at 08:41
	It worked!