Menu

Topic-icon Since 3.1.6 upgrade admin users getting 'forbidden access'

More
4 months 5 days ago #6824 by qldnet
Filters applied have (*) are:
'Duplicate backslashes'
'Line comments'
'Using integers'
'Escape strings'
But I have had to add a component exception to sql pattern to stop false positives.
Thanks

Please Log in or Create an account to join the conversation.

More
4 months 5 days ago #6825 by Jose
Do you still have the logs? If so, could you post a screenshot of them?

Regards,
Jose

Please Log in or Create an account to join the conversation.

More
4 months 5 days ago - 4 months 5 days ago #6826 by qldnet
No, sorry, but I open the page in K2 go to save it and instead of saving it will go to a blank page with forbidden access. Once I log back in and check the log it will display the first sentence from a page and report that as SQL injection. It happens to any user (manager/admin/super). Tried couple of pages (only text and hr readmore on pages).

In the description it will post SQL pattern detected :[POST:text]
Last edit: 4 months 5 days ago by qldnet.

Please Log in or Create an account to join the conversation.

More
4 months 5 days ago #6831 by Jose
I'm not able to reproduce it. After installing the new 3.1.6 version everything works fine.

Anyway I'm going to publish a new version (3.1.7) with the changes I made so everybody will be up to date with them.

Regards,
Jose

Please Log in or Create an account to join the conversation.

More
4 months 5 days ago #6834 by qldnet
I have updated to 3.1.7 and I still get forbidden access (unless I filter component). Here is a snapshot.
Now all these pages that are now causing error I have changed nothing on them. I just open and try to save them and get access issues. And in all of them all, it shows as SQL pattern is a top couple of lines of text or code. That is all. Have had absolutely no issues with ver 3.1.5.

Attachments:

Please Log in or Create an account to join the conversation.

More
4 months 5 days ago #6835 by Jose
Hi qldnet,

Can you please send me administrative credentials to access to that site? If so please use the email from which you receive forum notifications.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.064 seconds
Powered by Kunena Forum

Login or Sign In