SQL Injection Attack - a concern?
27 April, 2011
9:13 pm
rsmeade
New Member
Forum Posts: 2
Member Since:
12 April, 2011
Offline

Hi – just today I received notification that the WP firewall stopped a potential SQL Injection attack on a sermon ID of -1. How can I know if any damage was done (I don't see anything apparent). Is this something I can prevent in the future, or is it something in the backend of sermon browser that will need to be coded for? Looks like Russians who were trying to get or change passwords.
Thanks for any help or insight you can provide, and if you need additional info, I can send it to you (a little concerned about posting too much detail here in a public forum).
Thanks!

27 April, 2011
10:12 pm
Mark Barnes
Admin
Forum Posts: 425
Member Since:
14 December, 2005
Offline

rsmeade said:

Hi – just today I received notification that the WP firewall stopped a potential SQL Injection attack on a sermon ID of -1. How can I know if any damage was done (I don't see anything apparent). Is this something I can prevent in the future, or is it something in the backend of sermon browser that will need to be coded for? Looks like Russians who were trying to get or change passwords.
Thanks for any help or insight you can provide, and if you need additional info, I can send it to you (a little concerned about posting too much detail here in a public forum).
Thanks!

An SQL injection attack is a serious attack, with the potential for data loss and/or stealing email addresses (but not passwords). In your case, because the firewall appears to have stopped the attack, no damage should have been done.

Versions 0.43.5 and below have this vulnerability, so you should update to 0.43.6 immediately.

I'm sorry for the problem. It's the first time in three years that hackers have identified any security issues with Sermon Browser, and I'm afraid it's almost impossible to completely prevent these problems in a plugin the complexity of SermonBrowser.
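For the question of how to tell whether anything got past the firewall, one place to look is the web server access log. The script below is an added example, not part of the original posts and not Sermon Browser code: it lists requests whose sermon ID is not a plain non-negative integer and separates out those the server answered with a 2xx status. The parameter name `sermon_id`, the Combined Log Format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the ID travels in a query parameter with this name; adjust to your site.
ID_PARAM = "sermon_id"
# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A legitimate ID is a short run of digits: no sign, no spaces, no SQL keywords.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = """\
192.0.2.10 - - [27/Apr/2011:20:58:01 +0100] "GET /sermons/?sermon_id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Apr/2011:21:02:13 +0100] "GET /sermons/?sermon_id=-1 HTTP/1.1" 200 4801 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Apr/2011:21:02:15 +0100] "GET /sermons/?sermon_id=-1%20UNION%20SELECT%201 HTTP/1.1" 403 312 "-" "Mozilla/5.0"
192.0.2.10 - - [27/Apr/2011:21:05:40 +0100] "GET /sermons/?preacher=3 HTTP/1.1" 200 6001 "-" "Mozilla/5.0"
"""

def suspicious_requests(log_text, param=ID_PARAM):
    """Return one dict per request whose ID parameter is not a plain non-negative integer."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        ip, when, _method, target, status = m.groups()
        # parse_qsl percent-decodes values, so encoded input is checked in clear form.
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key == param and not VALID_ID.fullmatch(value):
                hits.append({"ip": ip, "time": when, "status": int(status), "value": value})
    return hits

def served_hits(hits):
    """Hits answered with 2xx reached the application rather than being blocked."""
    return [h for h in hits if 200 <= h["status"] < 300]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Entries returned by `served_hits` are the ones to review first, since a blocked request normally shows a 4xx status; this only covers IDs sent in the query string, not in POST bodies.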

28 April, 2011
1:24 am
rsmeade
New Member
Forum Posts: 2
Member Since:
12 April, 2011
Offline

Thanks so much for your quick reply and security fix!
Unfortunately, when I upgraded, it appears Sermon Browser uninstalled itself, but did not upgrade (even though it said it upgraded successfully). :-( I am working to get a backup copy restored. Hopefully others do not experience this problem!

Forum Timezone: Europe/London
