aspWebLinks hack patch 2.0
One of my clients web site are using aspWebLinks 2.0 for the link exchange program. and i just got a news that someone can hack in to their link exchange site. Apparently how they do it its because there is a security hole in aspWeblinks script which make other people can use Remote SQL Injection to change the Admin Password.
For you guys who get hacked on your aspWebLinks code, you can use some prevention by checking the referrer site to that link.asp page. If the referrer site is not your domain, then just reject or redirect it to the other page. Or you can just download the patch with sql injection prevention from here aspweblinks version 2.1 from here:
http://www.fullrev.com/links_overview.asp
Notice that you can just copy the link.asp file and replace the old file. And no need to replace whole file, especially the database. Otherwise you will lose your old data fom old database.
Comments
Leave a Reply