That doesn't seem to be SQL injection; it looks like an XSS attempt on form POST variables (generally harder to trick a user with because it would have to POST from a different domain, rather than just getting them to click a link...)
Can you tell me which scanning tool was used? It would help just to clarify the type of vulnerability that is identified, and if it's an open source one then I can also run it myself. In the short term, if this is XSS then it can be mitigated by asking your webtop users to ensure they enter the correct URL or use only their browser bookmarks for logging into the webtop. Longer term, you'd probably want to plan to upgrade to FarCry 7 (and CF10 or Railo 4) as we are now making use of the ESAPI functions to further guard against XSS attacks for code within Core.

cheers,
Justin

On Tuesday, January 7, 2014 2:53:30 PM UTC+11, Xiaofeng Liu wrote:
> Hi,
>
> We have an old FarCry 5.2.7 site. A recent WAS security scan reported some SQL injection threats around the webtop login area:
>
> Detection Information
> Parameter: It has been detected by exploiting the parameter *farcryFormValidation* of the form located in URL http://thewebsite/farcry/core/webtop/login.cfm?returnUrl=/index.cfm
> The payloads section will display a list of tests that show how the param could have been exploited to collect the information
>
> Payloads
> #1 Request
> Payload:
> FarcryFormPrefixes=login&loginObjectID=E8C4D550-6FBE-11E3-AFD63C4A926C9186&loginTypename=farLogin&loginusername=John&loginpassword=John&FarcryFormSubmitButton=1234&FarcryFormSubmitButtonClickedfarcryForm444678179=1234&FarcryFormSubmitted=farcryForm444678179&SelectedObjectID=1234&farcryFormValidation=1%22'%3E%3Cqss%3E&FarcryFormsubmitButton%3DLog%20In=Log%20In
> Request: POST http://thewebsite/farcry/core/webtop/login.cfm?returnUrl=/index.cfm
>
> Same SQL injection threats also reported on:
> *SelectedObjectID*
> *FarcryFormSubmitted*
> *FarcryFormSubmitButton*
> *loginpassword*
>
> Can anyone please point us in the right direction about how to fix this?
>
> Thanks
>
> --
> Best regards,
> Xiaofeng,^_^

--
You received this message because you are subscribed to the "farcry-dev" Google group.
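To make the point in the reply above concrete, here is an added Python example (not FarCry's code, not the scanner's, and not something from the thread) that URL-decodes the scanner's POST body quoted in the original message, shows that the `farcryFormValidation` value is an HTML-injection (XSS) probe rather than SQL, and contrasts an unencoded reflection of that value with an HTML-encoded one. `html.escape()` stands in for the output-encoding step; on CF10 the equivalent is the ESAPI `encodeForHTML()` function the reply refers to. The hidden-field markup, the `HTML_PROBE` pattern and the helper names are assumptions made for the illustration.

```python
# Added example: decode the scanner's POST body, classify the probe value, and
# show why output encoding (CF10's encodeForHTML() equivalent) neutralises it.
# Not FarCry's code; the markup, pattern and helper names are assumptions.
from urllib.parse import parse_qs
import html
import re

# Constructed from the payload quoted in the thread, rejoined onto one line.
SCANNER_BODY = (
    "FarcryFormPrefixes=login&loginObjectID=E8C4D550-6FBE-11E3-AFD63C4A926C9186"
    "&loginTypename=farLogin&loginusername=John&loginpassword=John"
    "&FarcryFormSubmitButton=1234"
    "&FarcryFormSubmitButtonClickedfarcryForm444678179=1234"
    "&FarcryFormSubmitted=farcryForm444678179&SelectedObjectID=1234"
    "&farcryFormValidation=1%22'%3E%3Cqss%3E"
    "&FarcryFormsubmitButton%3DLog%20In=Log%20In"
)

# A quote followed by a tag close and a fresh tag open is the classic
# "break out of the attribute, start a new element" shape of an XSS probe.
HTML_PROBE = re.compile(r"""["'].*>.*<[a-z]""", re.IGNORECASE)


def decode_form(body):
    """URL-decode a form body into {name: value} (first value per name)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def classify(value):
    """Return 'html-injection-probe' if the value carries the quote/tag-break
    characters typical of a reflected XSS test, otherwise 'plain'."""
    return "html-injection-probe" if HTML_PROBE.search(value) else "plain"


def reflect_unsafe(value):
    """Simulate a page that echoes the value into an attribute unencoded
    (assumed markup, standing in for a form that re-renders its inputs)."""
    return f'<input type="hidden" name="farcryFormValidation" value="{value}">'


def reflect_encoded(value):
    """Same reflection with HTML output encoding applied to the value."""
    safe = html.escape(value, quote=True)
    return f'<input type="hidden" name="farcryFormValidation" value="{safe}">'


def tag_count(markup):
    """Count element start tags; more than one means the value broke out."""
    return len(re.findall(r"<[a-zA-Z]", markup))


if __name__ == "__main__":
    form = decode_form(SCANNER_BODY)
    for name, value in form.items():
        print(f"{name:45s} {classify(value):22s} {value!r}")
    probe = form["farcryFormValidation"]
    print("unencoded :", reflect_unsafe(probe), "->", tag_count(reflect_unsafe(probe)), "tags")
    print("encoded   :", reflect_encoded(probe), "->", tag_count(reflect_encoded(probe)), "tags")
```

Only `farcryFormValidation` classifies as a probe; the other parameters the scanner flagged carry ordinary values, which is consistent with one finding being reported against several fields of the same form. The unencoded reflection renders two elements (the original `<input>` plus the injected `<qss>`), while the encoded reflection renders one, which is the property the ESAPI encoding in FarCry 7 Core is there to guarantee.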
To post, email: [email protected]
To unsubscribe, email: [email protected]
For more options: http://groups.google.com/group/farcry-dev
--------------------------------
Follow us on Twitter: http://twitter.com/farcry
