Friday, December 7, 2007

aspWebLinks Hack prevention

How to fix aspWebLinks after it has already been hacked?

One of my clients' websites uses aspWebLinks 2.0 for its link exchange program, and I just got a report that someone can hack into their link exchange site. Apparently this works because of a security hole in the aspWebLinks script that lets other people use remote SQL injection to change the admin password.


For those of you whose aspWebLinks code got hacked, you can add some protection by checking the referrer of requests to the link.asp page. If the referrer is not your own domain, reject the request or redirect it to another page.

If you are using ASP, here's some code to do that:

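' Read the requested action and the page the request came from
action = Request("action")
ref = Request.ServerVariables("HTTP_REFERER")
' Redirect config changes that did not come from your own admin page
If (action = "modifyconfigprocess") And (ref <> "theURLWhichCallYourmodifyprocess") Then
    Response.Redirect "otherpages"
End If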
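
The snippet above compares the referrer against one exact URL. The variant below is an added example (not aspWebLinks' own code) of the "is the referrer my domain" test described earlier: it compares only the host part of the referrer with the site's own host. The helper names `HostOnly`, `RefererHost` and `IsSameSiteReferer` are hypothetical. The Referer header is supplied by the client, so treat this as a stopgap in front of the vulnerable script, not a repair of the SQL injection itself.

```vbscript
' Added example for the top of link.asp (inside the page's <% %> block).
' Helper names are hypothetical; "otherpages" is the placeholder used in the post.

' Strip any "user@" prefix and ":port" suffix, and lower-case the result.
Function HostOnly(ByVal authority)
    Dim i
    i = InStrRev(authority, "@")
    If i > 0 Then authority = Mid(authority, i + 1)
    i = InStr(authority, ":")
    If i > 0 Then authority = Left(authority, i - 1)
    HostOnly = LCase(authority)
End Function

' Return the host of a referrer URL, or "" if it is missing or malformed.
Function RefererHost(ByVal ref)
    Dim p, rest, cut, i, ch
    RefererHost = ""
    p = InStr(ref, "://")
    If p = 0 Then Exit Function
    rest = Mid(ref, p + 3)
    ' The authority part ends at the first "/", "\", "?" or "#".
    cut = Len(rest) + 1
    For Each ch In Array("/", "\", "?", "#")
        i = InStr(rest, ch)
        If i > 0 And i < cut Then cut = i
    Next
    RefererHost = HostOnly(Left(rest, cut - 1))
End Function

' True only when a referrer is present and its host equals this site's host.
Function IsSameSiteReferer()
    Dim refHost, myHost
    refHost = RefererHost(Request.ServerVariables("HTTP_REFERER") & "")
    myHost = HostOnly(Request.ServerVariables("HTTP_HOST") & "")
    IsSameSiteReferer = (refHost <> "" And refHost = myHost)
End Function

' Case-insensitive match on the action, so "ModifyConfigProcess" is covered too.
If LCase(Request("action") & "") = "modifyconfigprocess" Then
    If Not IsSameSiteReferer() Then
        Response.Redirect "otherpages"
    End If
End If
```

A request with no referrer at all is rejected here, so an admin whose browser or proxy strips the header will be redirected as well.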
