Form2Content Forum

Questions and answers for Form2Content, a Joomla CCK.
  1. Pyt
  2. F2C Search settings
  3. Sunday, 19 April 2020
Hello,
Thanks for the great Components!

I have a small thing a friend of mine informed me about: with the URL from the Form2Content search results, an SQL injection is possible.
Have I messed up the settings, or will there be an update soon?

Kind regards,
Pyt
Responses (4)
Hello again,

it feels like it is the field "Multi-Select-List" which causes the problem right now...

Version F2C-Search: 6.7.0
Version F2C: 6.17.0
  1. more than a month ago
  2. F2C Search settings
  3. # 1
Hi Rothe, you might want to be more specific as I can't guess the actual issue.
Please read the F2C documentation before asking questions! Thank you if you've done so ;)
  1. more than a month ago
  2. F2C Search settings
  3. # 2
So, if you make a search form with several fields, including Multi-select-list as the last one, make it a module, and search, then you can add the following codes instead of the last =:

####### REMOVED BY ADMIN #####


**** --> Replace with Name of SQL Database

With this code it is possible to check whether there is a table with "username" in the database (the first code will show results as normal, the second code should show no hits).

Kind Regards,
Pyt
  1. more than a month ago
  2. F2C Search settings
  3. # 3
Hi Pyt,

Thank you for sharing. We are looking into the risk and solution.

Regards,
Patrick
Please read the F2C documentation before asking questions! Thank you if you've done so ;)
  1. more than a month ago
  2. F2C Search settings
  3. # 4