Print Page | Close Window

SQL Injection attack (?)

Printed From: Progarchives.com
Category: Site News, Newbies, Help and Improvements
Forum Name: Report bugs here
Forum Description: Help us improve the site from a tech standpoint
URL: http://www.progarchives.com/forum/forum_posts.asp?TID=71844
Printed Date: February 21 2025 at 15:59
Software Version: Web Wiz Forums 11.01 - http://www.webwizforums.com


Topic: SQL Injection attack (?)
Posted By: harmonium.ro
Subject: SQL Injection attack (?)
Date Posted: October 02 2010 at 08:35
Recently I have been experiencing this bug: when I search (with the search_form.asp - Search function) for a thread and find it, when I click on it to enter it, I get this error:


Server Error in Forum Application
WARNING: SQL Injection attack detected.
Please contact the forum administrator.

Support Error Code:- err_SQLServer_SqlInjectionTest()
File Name:- functions_common.asp

Error details:-

It has happened not with one thread, but with more of them. Here's an example: http://www.progarchives.com/forum/search_results_posts.asp?SearchID=20101002083230&KW=index+free - http://www.progarchives.com/forum/search_results_posts.asp?SearchID=20101002083230&KW=index+free

When you click on the found thread, does it give you the same error or does it open the thread?


Replies:
Posted By: M@X
Date Posted: October 02 2010 at 08:38
You can access the page by removing the part "&KW=index+free" in the example you provide.

It's because some keyword are protected to prevent SQL injection in URL.

Acceptable Solution ??


-------------
Prog On !

Posted By: harmonium.ro
Date Posted: October 02 2010 at 08:41
It worked!


Print Page | Close Window

Forum Software by Web Wiz Forums® version 11.01 - http://www.webwizforums.com
Copyright ©2001-2014 Web Wiz Ltd. - http://www.webwiz.co.uk