erikTsomik

Protect the URL

Security issue. I am being spammed in the URL.

The URL looks like this:

http://www.testing.com/myTest.cfm?action=add_item&item=PK%3A39&product=1%29%20AND%205435%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%28107%29%2BCHAR%28107%29%2BCHAR%28113%29%2BCHAR%28113%29%2B%28SELECT%20SUBSTRING%28%28ISNULL%28CAST%28count%28%2A%29%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%29%2C1%2C1024%29%20FROM%20upcomingEventsAttendance%20WHERE%20grade%20like%20CHAR%2837%29%2BCHAR%2899%29%2BCHAR%2897%29%2BCHAR%28114%29%2BCHAR%28100%29%2BCHAR%28110%29%2BCHAR%28117%29%2BCHAR%28109%29%2BCHAR%2898%29%2BCHAR%28101%29%2BCHAR%28114%29%2BCHAR%2837%29%20and%20grade%20like%20CHAR%2837%29%2BCHAR%2891%29%2BCHAR%2852%29%2BCHAR%2845%29%2BCHAR%2853%29%2BCHAR%2893%29%2BCHAR%2891%29%2BCHAR%2848%29%2BCHAR%2845%29%2BCHAR%2857%29%2BCHAR%2893%29%2BCHAR%2891%29%2BCHAR%2848%29%2BCHAR%2845%29%2BCHAR%2857%29%2BCHAR%2893%29%2BCHAR%2891%29%2BCHAR%2848%29%2BCHAR%2845%29%2BCHAR%2857%29%2BCHAR%2893%29%2BCHAR%2837%29%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%28113%29%2BCHAR%28113%29%2BCHAR%28113%29%29%29--%20glyF&session=168696&state=CA


ColdFusion Language, Cyber Security, Professional Hackers, Security

Ryan Chong

Not too sure about your question, but in general, to protect a URL you could:

  • use POST instead of GET for page processing
  • implement page authentication, such as Basic, Bearer, JWT authentication, etc.
erikTsomik

ASKER

I am using ColdFusion as the server-side language, and I have started getting error messages because somebody is trying to hack my site through the URL.
Ryan Chong

So, perhaps you should implement some website hardening or a penetration test on your web portal.

As a start:

Top 10 Website Hardening Tips
https://blog.sucuri.net/2019/10/top-10-website-hardening-tips.html

Beginners Guide To Web Application Penetration Testing
https://www.softwaretestinghelp.com/getting-started-with-web-application-penetration-testing/
That looks like a SQL injection attack.  This attack is effective only if you don't sanitize your URL query strings before you build your SQL queries.  Adobe has advice on how to address the issue.  You should read up on it and take any necessary steps to sanitize your inputs.
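The point in this comment is the difference between building the SQL statement out of the raw query string and binding the value as a typed parameter. The following is an added illustration, not the asker's code or Adobe's documentation: the datasource name "myDSN", the table and column names, and the parameter types are assumptions based on the query string shown in the question (item=PK:39, product=1, session=168696). The first query shows the shape that is exploitable; the second is the same lookup with cfparam type checks and cfqueryparam bindings, which is the fix Adobe recommends.

```cfml
<!--- VULNERABLE (illustration only): the raw URL value is concatenated into the SQL text,
      so a product value such as "1) AND 5435=CONVERT(INT,(SELECT ..." is executed as SQL.
      Every other parameter of this page would be exposed in exactly the same way. --->
<cfquery name="getItemUnsafe" datasource="myDSN">
    SELECT item_id, product_id, session_id
    FROM   event_items
    WHERE  product_id = #url.product#
</cfquery>

<!--- HARDENED: reject values of the wrong type before any query runs (cfparam throws
      if url.product is not an integer), then bind every value with cfqueryparam so the
      database driver treats it as data, never as part of the statement. --->
<cfparam name="url.action"  type="string">
<cfparam name="url.item"    type="string">
<cfparam name="url.product" type="integer">
<cfparam name="url.session" type="integer">
<cfparam name="url.state"   type="string">

<cfquery name="getItem" datasource="myDSN">
    SELECT item_id, product_id, session_id
    FROM   event_items
    WHERE  product_id = <cfqueryparam value="#url.product#" cfsqltype="cf_sql_integer">
      AND  session_id = <cfqueryparam value="#url.session#" cfsqltype="cf_sql_integer">
      AND  item_key   = <cfqueryparam value="#url.item#"    cfsqltype="cf_sql_varchar" maxlength="20">
      AND  state_code = <cfqueryparam value="#url.state#"   cfsqltype="cf_sql_char"    maxlength="2">
</cfquery>
```

With the parameterised version, the injected string from the question fails at the cfparam type check (it is not an integer) and, even if a string column were targeted, the cfqueryparam binding sends it as a literal value with the given maximum length rather than as SQL. Applying this to every cfquery that touches url, form, or cookie values is what "sanitize your inputs" means in ColdFusion terms.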
Dave Baldwin

How are you seeing this? I do 404 tracking on websites that I support. A moderately busy site gets 100 to 1500 accesses a day for pages that don't exist.
erikTsomik

ASKER

The page does exist, but I need to disinfect the URL so that it is not processed. It is purely a SQL injection attack.
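The asker wants such a request stopped before the page logic runs at all. One way to do that in ColdFusion is an allow-list check in Application.cfc's onRequestStart, which every request passes through. This is an added example, not the asker's application or the certified solution: the application name, the log file name, and the expected pattern for each parameter are assumptions derived from the query string in the question, and a real application would need its own list of parameters per page.

```cfml
<!--- Application.cfc (added example): reject any request whose URL parameters are not
      on the allow-list or do not match the expected shape, before the page executes. --->
<cfcomponent output="false">
    <cfset this.name = "myTestApp">

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">

        <!--- Allow-list: parameter name -> regular expression the decoded value must match.
              Patterns are assumptions based on the sample URL (action=add_item, item=PK:39,
              product=1, session=168696, state=CA). --->
        <cfset var expected = {
            action  = "^[a-z_]{1,32}$",
            item    = "^PK:[0-9]{1,10}$",
            product = "^[0-9]{1,10}$",
            session = "^[0-9]{1,10}$",
            state   = "^[A-Z]{2}$"
        }>
        <cfset var key = "">

        <cfloop collection="#url#" item="key">
            <!--- Unknown parameter, or a value that fails its pattern (reFind returns 0 on no match):
                  log it with the client address for later review and answer 400 without running the page. --->
            <cfif NOT structKeyExists(expected, key) OR reFind(expected[key], url[key]) EQ 0>
                <cflog file="rejected_requests" type="warning"
                       text="Rejected #arguments.targetPage#: parameter '#key#' failed validation (client #cgi.remote_addr#)">
                <cfheader statuscode="400" statustext="Bad Request">
                <cfabort>
            </cfif>
        </cfloop>

        <cfreturn true>
    </cffunction>
</cfcomponent>
```

The injected product value from the question contains parentheses, spaces and SQL keywords, so it fails the `^[0-9]{1,10}$` pattern and the request ends with a 400 and a log line. This gate complements, rather than replaces, cfqueryparam in the queries themselves: the allow-list stops obviously malformed requests early and gives you a record of them, while parameter binding is what guarantees that whatever does reach a query cannot change its structure.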
ASKER CERTIFIED SOLUTION
David Favor
