DNN 6.2.9 under attack
New Post
5/19/2016 6:17 AM
 

I uploaded the image but it doesn't show.

Here is a link to download the image with the error on it:

https://www.dropbox.com/s/wjjam686tl6lj96/Injecti .JPG?dl=0

 
New Post
5/19/2016 6:25 AM
 

Ok, the SOB managed to post his f**ing viagra stuff in the Message field of the FEEDBACK module which, to my knowledge, is a CORE module.

Any ideas why he managed to do this? How can I stop the SOB from tampering with my feedback module?

My DNN version, which had, until now, no known vulnerabilities, is 07.04.02 (216).

 

 
New Post
5/19/2016 11:59 AM
 
If the feedback module is public, anyone is able to post his message in this field. You might enable captcha, but unfortunately DNN is not using reCAPTCHA and it is easy to circumvent by hackers.

Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
5/19/2016 12:51 PM
 

The problem is he is not posting stuff on the website via the public Feedback module, he is posting stuff inside the Feedback DATABASE table through the feedback module and mixing it with the valid content stored in the table! That is the real problem.

I can try to make all my Feedback modules not public and hide them behind login/registration IF I HAD NOT already given up public Login/Registration because of the tons of bogus users I got notwithstanding the use of reCAPTCHA for my logins.

This means I would have to give up communication altogether... might as well give up websites while I'm at it.

If I was sure it would solve my problem I would probably do it, but please consider the fact that the core Feedback module has serious vulnerability issues.

Here I go again, back to restoring my database.

By the way, I hope restoring the website DB more or less every 4 days does not damage my DNN installation more than it already is.
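A triage script along these lines, added here as an example and not code from the thread or from the Feedback module, scores feedback rows by URL count, pharma keywords and burst volume per source IP, so spam rows mixed into the table can be located and reviewed instead of restoring the whole database. The column names and sample rows are constructed assumptions, not the module's real schema.

```python
import re
from collections import Counter

# Constructed sample rows; column names are assumed, not the Feedback module's real schema.
SAMPLE_ROWS = [
    {"id": 1, "ip": "203.0.113.5", "message": "Hi, do you offer DNN hosting plans?"},
    {"id": 2, "ip": "198.51.100.9", "message": "Buy viagra online http://x.invalid/a http://x.invalid/b"},
    {"id": 3, "ip": "198.51.100.9", "message": "cialis pharmacy http://x.invalid/c"},
    {"id": 4, "ip": "198.51.100.9", "message": "see http://x.invalid/d"},
    {"id": 5, "ip": "203.0.113.7", "message": "Our site link: http://example.invalid, please review."},
]

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)
PHARMA_RE = re.compile(r"\b(?:viagra|cialis|pharmacy)\b", re.IGNORECASE)


def spam_score(row, posts_from_ip):
    """Return (score, reasons); the caller decides the threshold."""
    reasons = []
    score = 0
    urls = URL_RE.findall(row["message"])
    if urls:
        score += min(len(urls), 3)          # one point per link, capped
        reasons.append(f"{len(urls)} url(s)")
    if PHARMA_RE.search(row["message"]):
        score += 2                          # keyword hit weighs more than a single link
        reasons.append("pharma keyword")
    if posts_from_ip >= 3:
        score += 1                          # many rows from one source IP looks like a bot burst
        reasons.append(f"{posts_from_ip} posts from same ip")
    return score, reasons


def flag_spam(rows, threshold=2):
    """Return {row id: reasons} for rows scoring at or above threshold."""
    per_ip = Counter(r["ip"] for r in rows)
    flagged = {}
    for r in rows:
        score, reasons = spam_score(r, per_ip[r["ip"]])
        if score >= threshold:
            flagged[r["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for row_id, why in flag_spam(SAMPLE_ROWS).items():
        print(row_id, "; ".join(why))
```

Row 5 (a single link from an IP with one post) stays below the threshold, so a genuine visitor mentioning their site is not swept up with the pharma burst.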

 

 
New Post
5/20/2016 4:45 AM
 
I am not aware of any vulnerabilities of the feedback module (unless you provide public edit access to the feedback results); the module is using stored procedures for updates, following best practices. Did you discuss this issue in the forum of the feedback module on this site? Did you log the issue in their GitHub repository (https://github.com/dnncommunity/DNN.f...)?

Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 