Forums

DREAMWEAVER

This topic is locked

Patch for SQL Injection attack vulnerability in UD

Kevin Macdonell

Posted 18 Oct 2002 12:48:55

has voted

Vote

18 Oct 2002 12:48:55 Kevin Macdonell posted:

Hi,

Using UD4's standard page security behaviours to secure a page leaves the page open to an SQL injection attack, I have been aware of the flaw in the code for a long time but a clients site was hacked this morning because of it so I am keen to find a fix. I don't want to hand edit the code because that will break the behaviour in GUI mode.

Any help would be very much appreciated, Thanks,
Kevin

Replies

Dave Clarke

Replied 19 Oct 2002 21:16:33

19 Oct 2002 21:16:33 Dave Clarke replied:

obviously we dont want to discuss here how this behaviour is vulnerable to an SQL injection in here, but as the username and password fields of your login form are very easily protected i dont see how the page protection could be circumvented.

please email me to discuss further

ASP|VBScript|IIS5.1|WinXPPro & WinXPHome

Reply to this topic

Latest Extensions

App Connect Summernote File Upload Upload different files in Summernote Editor
App Connect Summernote Simple, yet powerful and modern WYSIWYG Editor
Bootstrap 4 Dynamic Table Generator 2 Automatically generate dynamic data tables
Bootstrap 4 Dynamic Form Generator 2 Auto generate perfect Bootstrap 4 dynamic forms in seconds
App Connect Bootstrap 4 Dynamic Paging Generator Auto generate awesome dynamic Bootstrap 4 paging in seconds
App Connect Event Calendar The most powerful full-sized event calendar for Dreamweaver
DMXzone App Connect Next generation client side framework for data-driven web sites and apps
DMXzone Database Custom Query Create advanced, complex custom SQL queries with ease

Latest Videos

Using App Connect Autocomplete Learn how to add autocomplete functionality on your page, using the App Connect Autocomplete
Creating Custom SQL Queries Learn how to create custom SQL Queries with DMXzone Database Custom Query
Restricting Access to Your Pages Learn how to restrict access to your pages, using DMXzone Security Provider 2
Adding Log Out Functionality with DMXzone Security Provider 2 Learn how to add log out functionality to your page with DMXzone Security Provider 2
Creating a Log In Page with DMXzone Security Provider 2 Learn how to create a log in page with DMXzone Security Provider 2
Setting Up Site Security Settings Learn how to setup your site security, using DMXzone Security Provider 2
Generating an Update Record Form Learn how to create an update record form, using the Bootstrap 4 Dynamic Form Generator 2
Generating an Insert Record Form Learn how to create an insert record form, using the Bootstrap 4 Dynamic Form Generator 2