
Solve : SMF Malicious script?

Answer»

Hello,

I moderate a Simple Machine Forum and would like to ask if it is possible for a registered member to post something with a malicious script that can overwhelm the Database ?

Thanks !

Quote from: Loreny on March 28, 2009, 02:45:37 AM

Hello,

I moderate a Simple Machine Forum and would like to ask if it is possible for a registered member to post something with a malicious script that can overwhelm the Database ?

Thanks !

Very unlikely, though possible. The best way to avoid it is to keep the software up-to-date, which can be done via the Package Manager in the Admin CP.

Denial-of-service attack also called a DOS Attack.

Quote from: evilfantasy on March 28, 2009, 09:47:56 AM
Denial-of-service attack also called a DOS Attack.

Well, actually the main concern is SQL injection.

Basically entering SQL commands into a text field. If the field has no validation key, entering the right (or wrong) code could simply delete the database. DROP or ALTER. Of course you would need to know the table names, but they aren't too hard to get from the SMF docs.

Quote
a malicious script that can overwhelm the Database ?

Could they actually mean server?

I think a DOS Attack would be the most likely place to begin investigating.

Quote from: evilfantasy on March 28, 2009, 10:38:32 AM
Could they actually mean server?

Ah, I doubt it. SMF is secure enough to disallow that.

I mean it sounds like the server is being overloaded by a DOS style attack. It's a pretty common way for someone with a grudge against a web site to seek revenge.

Thanks for taking the time to answer KPAC !

