Hi all,

We've been getting errors on these suspicious-looking URLs. I don't know much about SQL injection but could this be what's being attempted here?

If so, what is the likelihood of success and what can we do to safeguard against such attacks (if it is, indeed, an attack)? (The "no browse index" error is a problem which regularly occurs with browsing by date).

Thanks a lot.
Gary

Gary Browne
Development Programmer
Library IT Services
University of Sydney
ph: 9351-5946

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, 14 April 2009 10:34 AM
To: [email protected]
Subject: Sydney eScholarship: Internal Server Error

An internal server error occurred on http://ses.library.usyd.edu.au:

Date:       4/14/09 10:34 AM
Session ID: E517DC9EBB9ECCF310DA536E8F10236C

-- URL Was: http://ses.library.usyd.edu.au/handle/2123/878/browse?type=%27%29+declare+%40q+varchar%288000%29+select+%40q+%3D+0x57414954464F522044454C4159202730303A30303A313027+exec%28%40q%29+--&submit_browse=Issue+Date
-- Method: GET
-- Parameters were:
--   type: "') declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313027 exec(@q) --"
--   submit_browse: "Issue Date"

Exception:
javax.servlet.ServletException: There is no browse index for the request
    at org.dspace.app.webui.servlet.BrowserServlet.doDSGet(BrowserServlet.java:92)
    at org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:151)
    at org.dspace.app.webui.servlet.DSpaceServlet.doGet(DSpaceServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:679)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:399)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
    at org.dspace.app.webui.servlet.HandleServlet.doDSGet(HandleServlet.java:220)
    at org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:151)
    at org.dspace.app.webui.servlet.DSpaceServlet.doGet(DSpaceServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
    at java.lang.Thread.run(Thread.java:595)

_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
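
Added example (not part of the original post and not DSpace code): a small Python triage helper that URL-decodes the logged request above, flags injection markers in each parameter, and decodes any 0x hex literal so the statement hidden inside it can be read. The marker patterns and the function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# URL copied from the error report above, with the mail line-wrapping removed.
LOGGED_URL = (
    "http://ses.library.usyd.edu.au/handle/2123/878/browse?type=%27%29+declare"
    "+%40q+varchar%288000%29+select+%40q+%3D+"
    "0x57414954464F522044454C4159202730303A30303A313027"
    "+exec%28%40q%29+--&submit_browse=Issue+Date"
)

# Heuristic markers (this example's assumption, not an exhaustive rule set).
MARKERS = {
    "quote-breakout": re.compile(r"^\s*['\"]\s*\)?"),
    "tsql-declare": re.compile(r"\bdeclare\s+@\w+", re.I),
    "dynamic-exec": re.compile(r"\bexec\s*\(", re.I),
    "comment-tail": re.compile(r"--\s*$"),
}
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2}){4,})")


def decode_hex_literals(value):
    """Return the text hidden in each 0x... literal (non-printables become '.')."""
    out = []
    for m in HEX_LITERAL.finditer(value):
        raw = bytes.fromhex(m.group(1))
        out.append("".join(chr(b) if 32 <= b < 127 else "." for b in raw))
    return out


def triage(url):
    """Return one finding dict per query parameter that trips any marker."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hits = sorted(k for k, rx in MARKERS.items() if rx.search(value))
        hidden = decode_hex_literals(value)
        if hits or hidden:
            findings.append({"param": name, "markers": hits, "decoded": hidden})
    return findings


if __name__ == "__main__":
    for f in triage(LOGGED_URL):
        print(f)
```

For the logged request only the type parameter is flagged, and its hex literal decodes to WAITFOR DELAY '00:00:10', a T-SQL statement that pauses the query for ten seconds.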

