Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

AppTheory specializes in solutions based on the DotNetNuke platform and has 2 employees on the DotNetNuke Core Team.
  Ads  
OnyakTech
 


  Sponsors  

Meet Our Sponsors

Salaro -- Skins and more
OnyakTech
CrystalTech Web Hosting™
Webhost4life, specialists in DNN hosting
Mad Development is a full service interactive agency focusing on the merge of design, technology, e-commerce, and affiliate marketing by providing total website solutions.
SteadyRain
 


DotNetNuke Forums
 
  Forum  General DotNetN...  Chat About It!  DNN SQL Injection Vulnerability? I.E. How did this happen?
Previous Previous
 
Next Next
New Post 5/19/2008 4:44 AM
User is offline Dave Felts
9 posts
10th Ranked


Re: DNN SQL Injection Vulnerability? I.E. How did this happen? 

Hi Sebastian

I am running the most recent version, 4.8.2, downloaded from this site.
 
New Post 5/19/2008 6:14 AM
User is offline Sebastian Leupold
15216 posts
www.deutschnetnuke.de
1st Ranked












Re: DNN SQL Injection Vulnerability? I.E. How did this happen? 

Thanks Dave, I will raise this issue.

Sebastian Leupold

DeutschNetNuke dnnWerk - The DotNetNuke Experts German DotNetNuke User-Group

DotNetNuke Project UserDefinedTable
DotNetNuke Project Release Tracker
 
New Post 5/19/2008 9:42 AM
User is offline Sebastian Leupold
15216 posts
www.deutschnetnuke.de
1st Ranked












Re: DNN SQL Injection Vulnerability? I.E. How did this happen? 

Dave, Steve,

would you mind to send me ( sebastian (dot) leupold (at) dotnetnuke (dot) com) a list of modules installed in your DotNetNuke site, in order we get a chance to analyse the issue, thank you.

Sebastian Leupold

DeutschNetNuke dnnWerk - The DotNetNuke Experts German DotNetNuke User-Group

DotNetNuke Project UserDefinedTable
DotNetNuke Project Release Tracker
 
New Post 5/19/2008 9:59 AM
User is offline Brandon Haynes
705 posts
brandonhaynes.org
7th Ranked


Re: DNN SQL Injection Vulnerability? I.E. How did this happen? 

Other IIS applications that touch the same database server as DNN could also cause cross-contamination, even without any DNN-specific vulnurability.  It's almost certainly this or a bad third-party module, as I see only one DNN site out there that has been infected.

Brandon

Brandon Haynes
BrandonHaynes.org
 
New Post 5/19/2008 11:26 AM
User is offline Dave Felts
9 posts
10th Ranked


Re: DNN SQL Injection Vulnerability? I.E. How did this happen? 

Hi Sebastion

Installed Modules
[Skin Objects]
Account Login
Announcements (not used)
Banners (not used)
Blog
Chat
Events (not used)
Feed Explorer (not used)
Feedback
Forum
Google Adsense
HouseMenu
Links (not used)
MarketShare (not used)
Media (not used)
Orizonti_NukeNews
Report Grid
Search Input
Search Results
Survey (not used)
Text/HTML
User Account
UsersOnline
Wiki
XMod (not used)
XMod formView (not used)

I installed XMod, but ended up not building anything with it or using it.

Dave
 
 Page 2 of 5Previous123...5Next 
Previous Previous
 
Next Next
  Forum  General DotNetN...  Chat About It!  DNN SQL Injection Vulnerability? I.E. How did this happen?
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


Softech Development, Inc.
We help your business work smarter with DotNetNuke. Whether you need a new implementation, a custom module or skin for an existing implementation, or integration with your business processes, Softech has the experience and expertise to make it happen.
www.softechdevelopment.com 		Module Development by Engage Software
Specializing in custom module development, training and skinning.
www.engagesoftware.com 		BataviaSoft DotNetNuke Solutions
BataviaSoft offers custom DotNetNuke solutions especially for the European and the South East Asian market.
www.bataviasoft.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP