Trying to make a sql injection i think ?

roelof · 2008-05-03 10:34:31

Hello,

In the logs of TPX i find a lot a things like this :

index.php?id=10&page=http%3A%2F%2Fwww.channelnewsperu.com%2Fimagenes%2Fpublicaciones%2Ffotos%2Femesuki%2Fohuhud%2F

Is someone trying to make a sql injection or is there more ?

Regards,

Roelof

ruud · 2008-05-03 12:25:11

TXP disables register_globals and does not use the ‘page’ parameter from a GET request in the public index.php, so this would have no effect. It seems to reference the URL http://www.channelnewsperu.com/imagenes/publicacio/, but that page doesn’t exist. I don’t think this is an SQL injection attempt, but rather an attempt to include some external document while running TXP scripts.

roelof · 2008-05-03 13:22:30

Oke,

There’s nothing i can do except controling the output of a page ?

Roelof

ruud · 2008-05-03 14:00:43

There’s nothing you need to do, really. What happens is the same as when visiting /index.php?id=10, which either displays article 10 or shows a 404 error.

roelof · 2008-05-03 14:56:37

Hello Ruud,

Thank you for your explanation.

Roelof

Textpattern CMS

Textpattern CMS support forum

#1 2008-05-03 10:34:31

Trying to make a sql injection i think ?

#2 2008-05-03 12:25:11

Re: Trying to make a sql injection i think ?

#3 2008-05-03 13:22:30

Re: Trying to make a sql injection i think ?

#4 2008-05-03 14:00:43

Re: Trying to make a sql injection i think ?

#5 2008-05-03 14:56:37

Re: Trying to make a sql injection i think ?

Board footer