fabian
2009-06-05T22:41:48Z
Hello!
Our site has been hacked! Some of the messages in the forum have been replaced with spam.
Can it be a SQL-injection or what?

In one of the topics, the name of the topic has been changed to: "buy cialis shipping".
Several of the messages in the topics have been changed, e.g.:
"No political or socially iconic animals were injured in the making of this post.
From: E. Charters comprare cialis viagra generico ordinare uMh0Atc Cialis controlled substance viagra legale fioricet buy online Cialis reviews tramadol"
Here is the example:
http://4ahjul.se/Default.aspx?g=posts&t=17 


Version 1.9.1.8.
Installed on a Windows 2003 server.

Can someone help us!
Fabian
jshepler
2009-06-06T09:45:22Z
I wish I could help you, but I can only offer that I don't believe it to be a SQL injection attack. What code I've seen in v1.9.1.8 has always used parameterized queries and so is immune to SQL injection (or so I've been led to believe).

not jsheLPer
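
An added example, not part of the thread and not YAF code: it contrasts a concatenated message-edit query with the parameterized form the reply above refers to. SQLite stands in for the forum database, and the table, column and function names and the sample rows are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a forum message table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE message (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    db.executemany("INSERT INTO message VALUES (?, ?, ?)",
                   [(1, "alice", "Welcome to the forum"),
                    (2, "bob", "Bike meet on Sunday"),
                    (3, "mallory", "placeholder")])
    return db

def edit_concatenated(db, msg_id, author, new_body):
    """Vulnerable pattern: user text is spliced into the SQL string."""
    sql = ("UPDATE message SET body = '" + new_body + "' "
           "WHERE id = " + str(msg_id) + " AND author = '" + author + "'")
    db.execute(sql)

def edit_parameterized(db, msg_id, author, new_body):
    """Parameterized pattern: user text is bound as a value, never parsed as SQL."""
    db.execute("UPDATE message SET body = ? WHERE id = ? AND author = ?",
               (new_body, msg_id, author))

def bodies(db):
    """Return all message bodies in id order."""
    return [row[0] for row in db.execute("SELECT body FROM message ORDER BY id")]

# Constructed input: closes the string literal and comments out the WHERE clause.
CRAFTED = "spam' --"

def demo():
    """Apply the same edit of message 3 through both code paths."""
    weak = make_db()
    edit_concatenated(weak, 3, "mallory", CRAFTED)
    safe = make_db()
    edit_parameterized(safe, 3, "mallory", CRAFTED)
    return bodies(weak), bodies(safe)

if __name__ == "__main__":
    weak, safe = demo()
    print("concatenated :", weak)   # every row overwritten
    print("parameterized:", safe)   # only message 3 changed, text stored literally
```

With the concatenated query the ownership check in the WHERE clause is lost and other users' posts are rewritten; with bound parameters the same text is stored as an ordinary message body.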
Mek
2009-06-07T22:00:01Z
Much more likely is you have your permissions wrong, create a test signup user and see what perms they have to those forums.

"It's a case of RTFM.. the only problem being we don't have a manual!"

When I post FP:Mek in a topic, I'm leaving my footprint there so I can track it once I get into coding/supporting. (Yes I stole this off Ederon 🙂 )
fabian
2009-06-08T06:13:23Z
Mek wrote:

Much more likely is you have your permissions wrong, create a test signup user and see what perms they have to those forums.


OK, thanks for the tip!
Testing......
