SMF Malicious script

[Loreny]

Hello,

I moderate a Simple Machine Forum and would like to ask if it is possible for a registered member to post something with a malicious script that can overwhelm  the Database ?

Thanks !

[kpac]

Hello,

I moderate a Simple Machine Forum and would like to ask if it is possible for a registered member to post something with a malicious script that can overwhelm  the Database ?

Thanks !

Very unlikely, though possible. The best way to avoid it is to keep the software up-to-date, which can be done via the Package Manager in the Admin CP.

[evilfantasy]

Denial-of-service attack also called a DOS Attack.

[kpac]

Denial-of-service attack also called a DOS Attack.

Well, actually the main concern is SQL injection.

Basically entering SQL commands into a text field. If the field has no vaildation key, entering the right (or wrong  ) code could simply delete the database.

[BC_Programmer]

DROP or ALTER. Of course you would need to know the table names, but they aren't to hard to get from the smf docs.

[evilfantasy]

a malicious script that can overwhelm  the Database ?

Could they actually mean server?

I think a DOS Attack would be the most likely place to begin investigating.

[kpac]

Could they actually mean server?

Ah, I doubt it. SMF is secure enough to disallow that.

[evilfantasy]

I mean it sounds like the server is being over loaded by a DOS style attack. It's a pretty common way for someone with a grudge against a web site to seek revenge.

[Loreny]

Thanks for taking the time to answer KPAC !