PEAK XOOPS - Re: Protector and Debaser ,SQL injection 
TOP
>
Forum
>
XOOPS Modules
>
Protector
>
Protector and Debaser ,SQL injection
>
Re: Protector and Debaser ,SQL injection
Re: Protector and Debaser ,SQL injection
Re: Protector and Debaser ,SQL injection
msg# 1.1
- depth:
- 1
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2007/8/7 6:54
GIJOE
Posts: 4110
Posts: 4110
hi onasre.
It looks just a typical SQL Injection.
Of course, it is the best way that the author fixes it.
But almost threats from SQL Injection can be excluded by Protector's setting.
1) rename prefix other than "xoops"
2) set "Action if an isolated comment-in is found" sanitizing or upper.
3) set "Action if a UNION is found" sanitizing or upper.
It looks just a typical SQL Injection.
Of course, it is the best way that the author fixes it.
But almost threats from SQL Injection can be excluded by Protector's setting.
1) rename prefix other than "xoops"
2) set "Action if an isolated comment-in is found" sanitizing or upper.
3) set "Action if a UNION is found" sanitizing or upper.
Votes:0
Average:0.00
Posts tree
-
Protector and Debaser ,SQL injection
(onasre, 2007/8/1 5:56)
-
Re: Protector and Debaser ,SQL injection
(GIJOE, 2007/8/7 6:54)
-
Login