Welcome to HostingForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

SQL Injection

  
   Web Hosting Problem Solving Community! (Home) -> Apache RSS
Next:  network directory security credentials password k..  
Author Message
FDM+

External


Since: Feb 04, 2008
Posts: 2



(Msg. 1) Posted: Mon Feb 04, 2008 3:09 pm
Post subject: SQL Injection
Archived from groups: alt>apache>configuration (more info?)
Hi folks,
my website seems to be the preferred target for Sql Injection.
http://mywebsite/index.php/Cariche-sociali.html?page=0&pop=http%3A...%2hoste

Is there a way to configure apache to redirect elsewhere this kind of
traffic? I mean redirecting the url while the visitor type an url like this
one (or above one):

http://mywebsite.tld/path/HTTP://SOMETHING-LIKETHIS

thus checking the double http:// and redirect this traffic to another site.

Thank you
F

 >> Stay informed about: SQL Injection 
Back to top
Login to vote
Erwin Moller

External


Since: Feb 04, 2008
Posts: 3



(Msg. 2) Posted: Tue Feb 05, 2008 9:05 am
Post subject: Re: SQL Injection [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
FDM+ wrote:
> Hi folks,

Hi,

> my website seems to be the preferred target for Sql Injection.
> http://mywebsite/index.php/Cariche-sociali.html?page=0&pop=http%3A...%2hoste
>
> Is there a way to configure apache to redirect elsewhere this kind of
> traffic? I mean redirecting the url while the visitor type an url like this
> one (or above one):
>
> http://mywebsite.tld/path/HTTP://SOMETHING-LIKETHIS
>
> thus checking the double http:// and redirect this traffic to another site.
>

Yes, you can use a module for url rewriting (mod_rewrite):
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

But that is fixing your problem in the wrong way.

But I must urge you to fix your application.
If SQL injection is possible, fix the scripts.
SQL injection vunerability means your receiving scripts are written by
an amateur, since it is easily countered.
If you are using a third party package (joomla?), get the latest
version. Maybe they fixed it.

Regards,
Erwin Moller

> Thank you
> F
>

 >> Stay informed about: SQL Injection 
Back to top
Login to vote
FDM+

External


Since: Feb 04, 2008
Posts: 2



(Msg. 3) Posted: Tue Feb 05, 2008 9:04 pm
Post subject: Re: SQL Injection [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
In spite all the fixes I don't want to have XSS attack.
Any example for url_rewriting applied at this case?

Thank you
Fab
 >> Stay informed about: SQL Injection 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Apache HTML Header Injection - Hi, Does anyone know of a way that I can inject some html code into the header of every html document requested from my Linux Apache Web Server. I am developing a very simple PHP/Mysql company intranet and would like an easy way to insert the company..

Forced Code/Header Insertion/Injection - Hi there, I'm not really sure how to phrase my question, but i'll try, here goes... I'm looking for a way to force apache to load content in a header fashion before serving files on a system. That is, let's imagine a typical web request scenario. Use...

Hotlinking - I have a free site on royalfreehost.com and I wanted to use some of the images on another site - which is hosted on a pay site - by using hotlinking (to reduce bandwidth, ok, I know it's naughty!) It worked at first. After a few days it stopped ..

cgi search engine for Intranet website - I'm looking for a good (and easy to use) search engine for use on an internal website. I need/want it to search only the web pages on the loacl apache server (running on Redhat 9). Want it to be able to search the bodies of the pages for keywords....

Known issues with running Apache and IIS simultaneously? - Hello, My company is considering running Apache and IIS together on one server. I have researched the possibilities of doing this on the web, but I have found little information apart from basic configuration instructions and some known configuration..
   Web Hosting Problem Solving Community! (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]