I've actually seen quite a few SQL Injection attempts on my personal site lately (4.8.4), they're attaching any querystring parameters they can locate. I've had no intrusions so far

@christoc, thats the automated work, it uses search engines to find pages and then appends the sql injection attempt to the querystring - usually without dotnetnuke you see default.aspx?tabid=xx&DECLARE...rest of sql injection or else linkclick.aspx?tabid=xx&DECLARE...rest . DotNetNuke is not vulnerable to either or these.

I have a site drawing some interest, but it's using (attempting) the document module. I look like: /LinkClick.aspx?fileticket=ZmIogdlv%2Fp4%3D&tabid=58&mid=453;DECLARE%20@S%20VARCHAR.<br><br>Anyone encountered this?

we checked a fresh DNN installation (4.8.4) using IBM AppScan these days ... and i couldn't find any issues.

yeah, our website had the same experience of the sql injection.

@cjsmitty, that's very like the majority of attempts we've had reports of, it's nothing to worry about and doesn't work (AFAIR the mid querystring value also expects an integer so it causes an exception)

This is one reason that I use ListX for most database access. It does have some tools to deal with sql injection.<br><br>/DaveS

Are the querystrings in IFrame modules exposed to this attack?

@plord, no - no core dotnetnuke module, including iframe, is at risk from sql injection.

I'm noticing a ton of these, plus something that seems to take every page of my site and looks for either "test.aspx" or "~AppScan". Not sure what's occuring but I've been told not to worry about it. It's more a factor that my Event Log gets clogged up with maybe 3 dozen of these things per day.

@MarkHGordon, AppScan is a popular vulnerability scanner usually used by organisations to check that their sites dont suffer from known issues. Judging by the term "AppScan" either someone inside your organisation is using it legitimately or someone external is deliberately scanning your site looking to hack you - i.e. it's not a sql injection attack you need to worry about but rather a more focussed probe.

Cathal,<br><br>Thanks. I'm getting the SQL Injections plus the AppScan stuff so I thought they were one and the same.<br><br>My county IT department is trying to say that my selection of internet is a security risk (for some reason they just don't like us), so I know they've been trying to hack into it, probably to prove their point of view. I'm hoping DNN 4.8.4 is secure enough that it rebuffs them.<br><br>Can you tell they have no love for us? :-)<br><br>Thanks,<br><br>Mark

Could we use SiteUrls.config to create a re-write rule to filter this junk from getting into our sites. We don't think that we need them crashing the application and generating error messages in DNN and Windows event logs.

@bcasson, yes this is possible. If i get some time I may work on this and blog the results but I have other items I have to finish first. In future please only post 1 comment, I did not enjoy having to delete 21 duplicates.

Is anyone using UrlScan version 3.0 RTW? I believe if configured correctly it would filter a lot of those attempts.<br>http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1697<br>

I was just hit with one. It inserted a script tag going to yahoosite.ru/index.js into the ControlSrc field of every entry in teh ModuleDefinitions table. Messed up the whole site. There were a bunch of core tables affected, but the only 3rd party module that was affected was the ***module name removed by moderator - please inform the vendor seperaterly *** module. Could be a hole in the security.