protection
French 
CrawlTrack, webmaster dashboard.
Web analytic, SEO and protection

CrawlProtect, your website safety.
Reinforced protection

Two php/MySQL scripts, free and easy to install
The tools you need to manage and keep control of your site.





diable

CrawlTrack and CrawlProtect support forum

You are not logged in.


#1 10-11-2010 14:41:23

al3xandr1a
Nouveau membre
Registered: 10-11-2010
Posts: 5

Doesn't block SQL injection

After installing both CrawlTrack and CrawlProtect, how come SQL injection as below dont get blocked?

ww w.yoursite.com/index.php?id=a OR 1=1

Offline

 

#2 10-11-2010 19:48:23

Jidébé
Administrateur
Registered: 30-10-2005
Posts: 2924

Re: Doesn't block SQL injection

Hi,

It's always a balance between injection blocage and level of false detection which can block when it should not.
If you redownload the 3.2.7 of CrawlTrack I have put now a quick fix for that specific case. I'm working for the next release of CrawlTrack on improving detection rule to avoid false detection while increasing the number of case blocked.
Actually CrawlProtect is not blocking that for the same reason, it was the cause of too many false detection.

Jean-Denis


CrawlTrack & CrawlProtect developer

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2008 PunBB