Greenguy's Board

Old 2008-05-28, 10:58 AM   #1
Toby
Lonewolf Internet Sales
 
Join Date: Mar 2005
Location: Houston
Posts: 4,826
Quote:
Originally Posted by spacemanspiff View Post
Kind of off the "good morning" topic, but I'd be really interested to know how that works out Toby. I've got some SQL databases running on some of our mainstream stuff so I'm always looking out for that kind of stuff.
This particular hack has been pretty prevalent recently. Over 1.5 million pages affected...

In this case it was on a Windoze box running ASP code on a huge site initially created by someone else 6 or 7 years ago. Any page that pulls dynamic content based on URL parameters is susceptible IF those parameters aren't properly validated before being used to query the database.

The solution in this case was relatively simple. Since the parameter is the index number for the specific page (ex: detail.asp?ID=69) all that has to be done is to convert the parameter value to a long integer before using it in the query string. The ASP function CLng does the job.
Toby is offline   Reply With Quote
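The CLng conversion described in the post above, as an added example (not code from the post or from the site it describes): a classic ASP detail page that rejects a non-numeric ID before any SQL is built. It goes one step beyond the post by also binding the converted value as an ADO parameter; the connection string, the table `pages` and its columns are assumed names.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example. connStr, table "pages" and columns id/title are
' hypothetical names; the ADO constants are the standard values.
Const adInteger = 3, adParamInput = 1, adCmdText = 1
Const connStr = "Provider=SQLOLEDB;Data Source=PLACEHOLDER;Initial Catalog=PLACEHOLDER;Integrated Security=SSPI"

' Returns True and sets result only when raw is a positive whole number
' that fits a Long. CLng raises a runtime error on text or overflow, so
' the error is trapped here instead of surfacing as a 500 page.
Function TryParseId(ByVal raw, ByRef result)
    Dim n
    TryParseId = False
    On Error Resume Next
    n = CLng(raw)
    If Err.Number <> 0 Then Exit Function
    On Error GoTo 0
    ' CLng also accepts "1.5", "1e3" and "&H10"; require the plain form.
    If n < 1 Or CStr(n) <> Trim(raw) Then Exit Function
    result = n
    TryParseId = True
End Function

Dim id, conn, cmd, rs
If Not TryParseId(CStr(Request.QueryString("ID")), id) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Pattern the post warns about (for contrast, not executed):
'   sql = "SELECT title FROM pages WHERE id = " & Request.QueryString("ID")
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connStr
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title FROM pages WHERE id = ?"
' The value bound here is the converted Long, never the raw string.
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , id)
Set rs = cmd.Execute
If Not rs.EOF Then
    Response.Write Server.HTMLEncode(rs("title").Value & "")
End If
rs.Close
conn.Close
%>
```

The query must use the converted value (`id`), not the original `Request.QueryString("ID")` string; validating one and concatenating the other leaves the page exposed.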
All times are GMT -4.

