Our website www.tabletpcbuzz.com has been hit numerous times with a script injection into the SQL database. I purchased the website about 2 months ago and didn't realize it was an old version (3.4.03). Just upgraded it today to the latest and greatest.
Am I safe?
John Hill www.alltp.com www.tabletpcbuzz.com www.tabletpcbuzz.com/3dbuzz
Upgrading should indeed fix the sql injection issues. Just applying the security fixes posted since the version was released would fix it, but if you have the opportunity to upgrade, you should do it.
thanks - it has been a real drag. I upgrade to .06 and am looking forward to everything running smoothly.
When I ran the "Check Installation" there were some errors, but at the end it said "database upgraded successfully" and the version in the admin section says "3.4.06"
Anything else I need to check?
John Hill www.alltp.com www.tabletpcbuzz.com www.tabletpcbuzz.com/3dbuzz
Just to be certain sure that this isn't a new exploit, how did they execute the injection? Also, what were the errors you received when running setup.asp, just in case they're something you should look at?
Search is your friend “I was having a mildly paranoid day, mostly due to the fact that the mad priest lady from over the river had taken to nailing weasels to my front door again.”
Topic Locked
Posted - 31 July 2007 : 14:31:57
