1
arie1985
SQL Injection
  • 2007/8/30 20:24

  • arie1985

  • Not too shy to talk

  • Posts: 139

  • Since: 2006/6/30


Where is it most likely to get an SQL injection in version 2.0.16?

My site has been hacked even though I have the Protector module installed.

If anyone could help me here or via email I'll appreciate it.

2
McDonald
Re: SQL Injection
  • 2007/8/30 20:51

  • McDonald

  • Home away from home

  • Posts: 1072

  • Since: 2005/8/15


Probably in one of your modules.

Which modules+versions do you have installed?

Which version of Protector do you use?

Latest version of Protector is 3.13beta and can be downloaded here.

3
arie1985
Re: SQL Injection
  • 2007/8/30 21:15

  • arie1985

  • Not too shy to talk

  • Posts: 139

  • Since: 2006/6/30


I have Protector v2.54 installed, and module Web Stats v2.1 and module Memberlist v1 and the forum module NewBB is kinda new version 3.08 - what should I do please?

4
zyspec
Re: SQL Injection
  • 2007/8/30 21:33

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


You might try looking at your server logs to see if you can see something "suspicious"...

5
arie1985
Re: SQL Injection
  • 2007/8/30 21:39

  • arie1985

  • Not too shy to talk

  • Posts: 139

  • Since: 2006/6/30


Quote:

zyspec wrote:
You might try looking at your server logs to see if you can see something "suspicious"...


I've crossed between the hours of the changes and the raw access logs but I couldn't find anything suspicious.

6
McDonald
Re: SQL Injection
  • 2007/8/30 21:43

  • McDonald

  • Home away from home

  • Posts: 1072

  • Since: 2005/8/15


I would start with upgrading your version of Protector to at least version 3.04.
For more info about Protector see here.

7
arie1985
Re: SQL Injection
  • 2007/8/30 21:59

  • arie1985

  • Not too shy to talk

  • Posts: 139

  • Since: 2006/6/30


Quote:

McDonald wrote:
I would start with upgrading your version of Protector to at least version 3.04.


Already done.
---
Look here

http://www.securityfocus.com/archive/1/archive/1/459150/100/0/threaded

Version 2.0.16 has SQL injection and there are 3 places where people can hack through - could it be that the hacker has done it from one of those 3 places?

8
skenow
Re: SQL Injection
  • 2007/8/30 22:51

  • skenow

  • Home away from home

  • Posts: 993

  • Since: 2004/11/17


A vulnerability was discovered and patched in debaser 0.92

SecurityFocus report

Frankblack has provided a patch see here

9
arie1985
Re: SQL Injection
  • 2007/8/30 22:55

  • arie1985

  • Not too shy to talk

  • Posts: 139

  • Since: 2006/6/30


Quote:

skenow wrote:
A vulnerability was discovered and patched in debaser 0.92

SecurityFocus report

Frankblack has provided a patch see here


I'm not running this module and it's not relevant to my issue. Thanks.

10
zyspec
Re: SQL Injection
  • 2007/8/31 1:03

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


arie1985,

From the report on securityfocus.com it looks like the only XOOPS core 'vulnerability' is for the &get function in the XoopsGroupHandler. The other 4 (the one shown and the 3 'others') that it identified are in the Weblinks module.

The following line:
$sql = 'SELECT * FROM '.$this->db->prefix('groups').' WHERE groupid='.$id;

could be changed to:
$sql = 'SELECT * FROM '.$this->db->prefix('groups').' WHERE groupid='.intval($id);

although I'm not convinced this is a real vulnerability because of where it's located... I'd have to look at it more closely - maybe phppp or one of the core developers could elaborate. You might try posting this as a bug on the core dev site here to see what they think.
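
The change zyspec suggests above, worked through as an added example (not part of the original post and not XOOPS code): the quoted line, the intval() version, and a stricter variant that rejects bad input instead of coercing it. The prefix() helper, the 'xoops_' table prefix, the function names and the assumption that group ids are positive integers are all hypothetical.

```php
<?php
// Added example, not XOOPS code. Function names and the 'xoops_' prefix are assumptions.

// Stand-in for $this->db->prefix(): prepends an assumed table prefix.
function prefix(string $table): string
{
    return 'xoops_' . $table;
}

// The line as quoted in the post: $id is concatenated unchanged.
function buildGroupQueryOriginal($id): string
{
    return 'SELECT * FROM ' . prefix('groups') . ' WHERE groupid=' . $id;
}

// The change suggested in the post: intval() keeps only a leading integer
// and yields 0 when the string does not start with one.
function buildGroupQueryIntval($id): string
{
    return 'SELECT * FROM ' . prefix('groups') . ' WHERE groupid=' . intval($id);
}

// Stricter variant (assumption: group ids are positive integers):
// refuse the request instead of silently coercing the value.
function buildGroupQueryStrict($id): string
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        throw new InvalidArgumentException('groupid must be a positive integer');
    }
    return 'SELECT * FROM ' . prefix('groups') . ' WHERE groupid=' . $valid;
}

// Constructed sample inputs: a normal id, an id with trailing SQL, a non-number.
$samples = ['3', '3 OR 1=1', 'abc'];
foreach ($samples as $id) {
    echo 'input:    ', var_export($id, true), "\n";
    echo 'original: ', buildGroupQueryOriginal($id), "\n";
    echo 'intval:   ', buildGroupQueryIntval($id), "\n";
    try {
        echo 'strict:   ', buildGroupQueryStrict($id), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'strict:   rejected (', $e->getMessage(), ")\n";
    }
    echo "\n";
}
```

Because intval() coerces rather than fails, a malformed id still produces a valid query; the strict variant is the one that surfaces the bad request to the caller and to the logs.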
