Hi, We have detected some requests to one of our customer´s system (dspace 1.8.2 + xmlui+ oracle) in form of
GET /xmlui/bitstream/handle/xxxxx/XXXX/00220121000031.pdf?sequence=1%26%26BeNChMaRK%282999999%2CMD5% 28NOW%28%29%29%29 since it can be a kind of sql injection attack, we wonder if someone has made any further investigation after the described in http://dspace.2283337.n4.nabble.com/Dspace-tech-DSpace-and-Cross-site-scripting-SQL-Injection-attack-vulnerabilities-td3276960.html Any additional precautions that we must care? Thanks for all you support Emilio Lorenzo -- --- Este mensaje no contiene virus ni malware porque la protección de avast! Antivirus está activa. http://www.avast.com ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette