Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • J 299 posts 492 karma points
    Aug 05, 2019 @ 08:54
    J
    0

    A number of my Umbraco 7.5 sites are being hit with the below query (I've abbreviated the string below for ease but you'll get the idea)

    http://www.site.com/FourError/?403;http://www.site.com:80/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]
    

    The error log states

    Exception information: Exception type: SqlException Exception message: String or binary data would be truncated. The statement has been terminated. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption, Boolean shouldCacheForAlwaysEncrypted) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(SqlConnection connection, CommandType commandType, String commandText, SqlParameter[] commandParameters) at Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(String connectionString, CommandType commandType, String commandText, SqlParameter[] commandParameters) at umbraco.DataLayer.SqlHelper1.ExecuteNonQuery(String commandText, IParameter[] parameters)

    To me this looks like its reaching Umbracos dll but not sure if theres anything i can do to avoid these type of attacks? i.e. avoid them? I've added some filters to IIS but they avoid some but the above seem to get through?

  • J 299 posts 492 karma points
    Aug 09, 2019 @ 08:36
    J
    0

    In addition to the above i also see these errors every so often

     Type is not resolved for member 'Umbraco.Core.Security.UmbracoBackOfficeIdentity,Umbraco.Core, Version=1.0.6185.24083, Culture=neutral, PublicKeyToken=null'
    

    Does anyone have any advise on if these can be ignored/fixed?

Please Sign in or register to post replies

Write your reply to:

Draft