Menu

Topic-icon Since 3.1.6 upgrade admin users getting 'forbidden access'

More
1 month 1 week ago #6824 by qldnet
Filters applied have (*) are:
'Duplicate backslashes'
'Line comments'
'Using integers'
'Escape strings'
But I have had to add a component exception to sql pattern to stop false positives.
Thanks

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6825 by Jose
Do you still have the logs? If so, could you post a screenshot of them?

Regards,
Jose

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago - 1 month 1 week ago #6826 by qldnet
No, sorry, but I open the page in K2 go to save it and instead of saving it will go to a blank page with forbidden access. Once I log back in and check the log it will display the first sentence from a page and report that as SQL injection. It happens to any user (manager/admin/super). Tried couple of pages (only text and hr readmore on pages).

In the description it will post SQL pattern detected :[POST:text]
Last edit: 1 month 1 week ago by qldnet.

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6831 by Jose
I'm not able to reproduce it. After installing the new 3.1.6 version everything works fine.

Anyway I'm going to publish a new version (3.1.7) with the changes I made so everybody will be up to date with them.

Regards,
Jose

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6834 by qldnet
I have updated to 3.1.7 and I still get forbidden access (unless I filter component). Here is a snapshot.
Now all these pages that are now causing error I have changed nothing on them. I just open and try to save them and get access issues. And in all of them all, it shows as SQL pattern is a top couple of lines of text or code. That is all. Have had absolutely no issues with ver 3.1.5.

Attachments:

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6835 by Jose
Hi qldnet,

Can you please send me administrative credentials to access to that site? If so please use the email from which you receive forum notifications.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.060 seconds
Powered by Kunena Forum

Login or Sign In