erikTsomik
asked on
Protect the URL
Security issue. I am being spammed in the URL.
The URL looks like this:
http://www.testing.com/myTest.cfm?action=add_item&item=PK%3A39&product=1%29%20AND%205435%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%28107%29%2BCHAR%28107%29%2BCHAR%28113%29%2BCHAR%28113%29%2B%28SELECT%20SUBSTRING%28%28ISNULL%28CAST%28count%28%2A%29%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%29%2C1%2C1024%29%20FROM%20upcomingEventsAttendance%20WHERE%20grade%20like%20CHAR%2837%29%2BCHAR%2899%29%2BCHAR%2897%29%2BCHAR%28114%29%2BCHAR%28100%29%2BCHAR%28110%29%2BCHAR%28117%29%2BCHAR%28109%29%2BCHAR%2898%29%2BCHAR%28101%29%2BCHAR%28114%29%2BCHAR%2837%29%20and%20grade%20like%20CHAR%2837%29%2BCHAR%2891%29%2BCHAR%2852%29%2BCHAR%2845%29%2BCHAR%2853%29%2BCHAR%2893%29%2BCHAR%2891%29%2BCHAR%2848%29%2BCHAR%2845%29%2BCHAR%2857%29%2BCHAR%2893%29%2BCHAR%2891%29%2BCHAR%2848%29%2BCHAR%2845%29%2BCHAR%2857%29%2BCHAR%2893%29%2BCHAR%2891%29%2BCHAR%2848%29%2BCHAR%2845%29%2BCHAR%2857%29%2BCHAR%2893%29%2BCHAR%2837%29%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%28113%29%2BCHAR%28113%29%2BCHAR%28113%29%29%29--%20glyF&session=168696&state=CA
Not too sure about your question, but in general, to protect a URL, you could:
- use POST instead of GET for page processing
- implement page authentication, such as Basic, Bearer, JWT authentication, etc.
ASKER
I am using ColdFusion as the server-side language, and I started getting error messages as somebody is trying to hack my site by implementing the URL.
So, perhaps you should implement some website hardening or a penetration test for your web portal.
As a start:
Top 10 Website Hardening Tips
https://blog.sucuri.net/2019/10/top-10-website-hardening-tips.html
Beginners Guide To Web Application Penetration Testing
https://www.softwaretestinghelp.com/getting-started-with-web-application-penetration-testing/
That looks like a SQL injection attack. This attack is effective only if you don't sanitize your URL query strings before you build your SQL queries. Adobe has advice on how to address the issue. You should read up on it and take any necessary steps to sanitize your inputs.
How are you seeing this? I do 404 tracking on websites that I support. A moderately busy site gets 100 to 1500 accesses a day for pages that don't exist.
ASKER
The page does exist, but I need to disinfect the URL so it is not processed. It is purely a SQL injection attack.
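An added example, not part of the thread and not any participant's code: one way to handle the `product` and `session` parameters from the URL above in ColdFusion, rejecting non-numeric values before any query runs and binding the value with `cfqueryparam`. The table, column, datasource and log file names are hypothetical, and it assumes both parameters are meant to be numeric ids, as the values `product=1` and `session=168696` suggest.

```cfml
<!--- Added example. Table (products), columns (id, name), datasource (myDsn)
      and log file (rejectedInput) are hypothetical names. --->

<!--- Vulnerable pattern, shown for contrast only: the URL value is pasted into
      the SQL text, so anything after "1" in product=... becomes part of the statement.
<cfquery name="qProduct" datasource="myDsn">
    SELECT id, name FROM products WHERE (id = #url.product#)
</cfquery>
--->

<!--- 1. Make sure the parameters exist, then check their shape.
         Digits only, at most 9 of them, so the value fits a 32-bit integer. --->
<cfparam name="url.product" default="">
<cfparam name="url.session" default="">

<cfif NOT (reFind("^[0-9]{1,9}$", url.product) AND reFind("^[0-9]{1,9}$", url.session))>
    <!--- Record the rejected request (truncated) for later review, then stop
          before any database code is reached. --->
    <cflog file="rejectedInput" type="warning"
           text="Rejected query string from #cgi.remote_addr#: #left(cgi.query_string, 200)#">
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- 2. Bind the value. The driver sends it as a typed parameter, separate from
         the SQL text, so it can never change the structure of the statement. --->
<cfquery name="qProduct" datasource="myDsn">
    SELECT id, name
    FROM products
    WHERE id = <cfqueryparam value="#url.product#" cfsqltype="cf_sql_integer">
</cfquery>
```

The format check keeps malformed requests from raising the database conversion errors described in the question, while the bound parameter is what actually prevents the injection, so every query that uses URL or form values needs it.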