Developer forum


SQL Injection detection on /Admin/Public/Stat2.aspx

Ben Doorn

Does anyone know why the DW application is detecting an SQL injection on the /Admin/Public/Stat2.aspx script?

/Admin/Public/Stat2.aspx?SessionID=q11ohvkf0ukl2fmxpkl5u0io&PageID=34&AreaID=1&width=1920&height=1080&col=24&referrer=http%3A%2F%2Fwebshop.test.com%2Fcatalogus%3FGroupID%3D%26PageNum%3D3%26View%3Dcategory_detail_SecondViewV2.cshtml%26bdTextSearch%3Dpomp&async=true&lan=nl-NL&engagement=0

The users get locked out by the SQL injection protection. But as far as I know this is a DW-generated URL, so we cannot change this. I solved the issue by turning off the IP lockout. But I'm curious why this happens.

Kind regards,

Ben


Replies

 
Nicolai Høeg Pedersen

Hi Ben

Which version is the solution? Just checked against the engine, and it should not be caught by it...

Are you sure that is the URL that blocks the users? Can you provide the URL of the solution, then I can check the logs.

BR Nicolai

 
Ben Doorn

Pretty sure that this is the URL that blocks the user. I checked the logs and this was the first page returning a 403 state.

I will mail you the details of the solution.

 
Nicolai Høeg Pedersen

Ok, found the issue. Problem is that the referer contains a URL in this format: &GroupID=&somethingElse=value where the yellow part is the problem.

We will create a TFS item against the issue.
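The false positive Nicolai describes, as an added example that is not part of this thread or of the vendor's engine: a hypothetical detector that scans the fully decoded request text and trips on the empty `GroupID=` inside the decoded referrer, beside a parser-based check that treats empty parameter values as benign and only matches decoded values. The rule set and function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample built from the URL quoted in this thread. The "referrer" value is a
# second, URL-encoded query string that contains an empty parameter: GroupID=&PageNum=3
REQUEST = (
    "/Admin/Public/Stat2.aspx?SessionID=q11ohvkf0ukl2fmxpkl5u0io&PageID=34&AreaID=1"
    "&width=1920&height=1080&col=24&referrer=http%3A%2F%2Fwebshop.test.com%2Fcatalogus"
    "%3FGroupID%3D%26PageNum%3D3%26View%3Dcategory_detail_SecondViewV2.cshtml"
    "%26bdTextSearch%3Dpomp&async=true&lan=nl-NL&engagement=0"
)

# Value-level indicators (hypothetical rule set, not the vendor's). Applied to one decoded
# parameter value at a time, never to the raw request string.
SQLI_VALUE = re.compile(r"(?i)(--|;|'|/\*|\bunion\s+select\b|\bor\s+\d+\s*=\s*\d+\b)")

def naive_check(path_and_query: str) -> bool:
    """Hypothetical buggy detector: decodes the whole request, splits it into fragments and
    treats any 'key=' fragment with no value as a malformed or injected query piece.
    This reproduces the false positive reported in the thread."""
    decoded = unquote(unquote(path_and_query))
    for fragment in re.split(r"[&?]", decoded):
        if fragment.endswith("="):          # 'GroupID=' leaks out of the decoded referrer
            return True
    return bool(SQLI_VALUE.search(decoded))

def parsed_check(path_and_query: str) -> list:
    """Corrected detector: parse the query into (key, value) pairs, decode each value once,
    and if a value is itself a URL, parse its own query the same way. Empty values are
    legitimate and are skipped. Returns the names of parameters whose value matched."""
    hits = []
    for key, value in parse_qsl(urlsplit(path_and_query).query, keep_blank_values=True):
        if not value:
            continue                          # empty parameter: benign
        if SQLI_VALUE.search(value):
            hits.append(key)
        nested = urlsplit(value).query        # e.g. referrer=http://host/path?GroupID=&...
        if nested:
            hits.extend(f"{key}.{k}" for k, v in parse_qsl(nested, keep_blank_values=True)
                        if v and SQLI_VALUE.search(v))
    return hits

if __name__ == "__main__":
    print("naive:", naive_check(REQUEST), "parsed:", parsed_check(REQUEST))
```

The same logic is what an IP-lockout rule should sit behind: one decoded, parsed value per decision, so that a benign empty parameter in a nested URL cannot lock a user out.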

 
Nicolai Høeg Pedersen

This is actually bug TFS#16942 fixed in these releases: 8.4.1.32 / 8.5.1.24 / 8.6.0.6 / 8.6.1.3

 
Ben Doorn

Thanks. I will upgrade the solution then.

 
