SQL Injection Vulnerable?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
8 years ago
silverferrum wrote:
<div style="display:none">process of abortion <a href="http://longrangesystems.net/blog/template/page/how-to-naturally-terminate-a-pregnancy.aspx">longrangesystems.net</a> natural ways to terminate early pregnancy</div>


gFrick had the same issue, and hackers added this type of div at the end of the content of all nVarchar(Max) columns in all tables,

and as I described in the post above, it came from another ASP site on which the hacker did it using SQL injection, which we fixed on that ASP site at the time.

But on nopCommerce I think it's not possible.

Do you have any other site that uses the same database, as in the gFrick case?
8 years ago
[quote]Do you have any other site that uses the same database, as in the gFrick case?[/quote]
No, I haven't.
8 years ago
vipul.dumaniya wrote:
<div style="display:none">process of abortion <a href="http://longrangesystems.net/blog/template/page/how-to-naturally-terminate-a-pregnancy.aspx">longrangesystems.net</a> natural ways to terminate early pregnancy</div>


gFrick had the same issue, and hackers added this type of div at the end of the content of all nVarchar(Max) columns in all tables,

and as I described in the post above, it came from another ASP site on which the hacker did it using SQL injection, which we fixed on that ASP site at the time.

But on nopCommerce I think it's not possible.

Do you have any other site that uses the same database, as in the gFrick case?


No, I haven't.
8 years ago
silverferrum wrote:

No, I haven't.


OK. Could you give us the steps to reproduce it?

From which page, and how is it possible?
8 years ago
vipul.dumaniya wrote:

No, I haven't.

OK. Could you give us the steps to reproduce it?

From which page, and how is it possible?


If I could reproduce this issue, I would have written the solution already :)

I have installed this update.
https://nopcommerce.codeplex.com/SourceControl/changeset/4853f2518b97c201b209b17bab0e6a9081798180
8 years ago
The update did not help.
8 years ago
Hi, my site has been hacked too, like the others: link content has been added which starts with <div style="display:none">.

But I think it is not a SQL injection, because I have created two nopCommerce databases with the same user on SQL. One of them is for testing and is not running under any script. Along with my live DB, this test DB has been hacked too. On SQL, my other DBs are not hacked because their owners are set to another DB user.

I am wondering whether hackers can take our DB users from the settings.txt file or somewhere else?

Thanks.
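A way to check both claims in this thread from the database side, as an added example that is not from the thread or from nopCommerce: it scans every nVarchar(Max) column for the hidden-div marker the posters report and then lists which login owns each database, so a shared owner across the modified databases becomes visible. It assumes SQL Server (the thread mentions nVarchar(Max) and "sql") and a login with read access to the affected database and to sys.databases.

```sql
-- Constructed detection script (not from the thread). Assumes SQL Server; run it in
-- the affected nopCommerce database with a login that can read the system views.
SET NOCOUNT ON;

DECLARE @marker nvarchar(100) = N'<div style="display:none">';  -- string the thread reports
DECLARE @sql nvarchar(max) = N'';

-- 1. Build one SELECT per nvarchar(max) column that counts rows containing the marker.
--    Identifiers are wrapped with QUOTENAME so odd table or column names cannot break the query.
SELECT @sql = @sql + N'
SELECT N''' + REPLACE(c.TABLE_SCHEMA + N'.' + c.TABLE_NAME, N'''', N'''''') + N''' AS table_name,
       N''' + REPLACE(c.COLUMN_NAME, N'''', N'''''') + N''' AS column_name,
       COUNT(*) AS hit_count
FROM ' + QUOTENAME(c.TABLE_SCHEMA) + N'.' + QUOTENAME(c.TABLE_NAME) + N'
WHERE ' + QUOTENAME(c.COLUMN_NAME) + N' LIKE N''%'' + @m + N''%''
HAVING COUNT(*) > 0
UNION ALL'
FROM INFORMATION_SCHEMA.COLUMNS AS c
WHERE c.DATA_TYPE = N'nvarchar'
  AND c.CHARACTER_MAXIMUM_LENGTH = -1;   -- -1 means nvarchar(max)

-- 2. Drop the trailing UNION ALL and run the generated scan; the marker is passed as a
--    parameter so the search string itself is never concatenated into the SQL text.
IF LEN(@sql) > 0
BEGIN
    SET @sql = LEFT(@sql, LEN(@sql) - LEN(N'UNION ALL'));
    EXEC sp_executesql @sql, N'@m nvarchar(100)', @m = @marker;
END;

-- 3. The poster's hypothesis: every database owned by the same login was modified.
--    Listing owners shows whether the affected databases share an owner.
SELECT d.name AS database_name, SUSER_SNAME(d.owner_sid) AS owner_login
FROM sys.databases AS d
ORDER BY owner_login, d.name;
```

Rows returned by step 2 show which tables and columns carry the injected markup; if step 3 shows the affected databases share one owner login while untouched databases have another, that supports the poster's shared-credential theory over an application-level injection.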
8 years ago
socratos wrote:
Hi, my site has been hacked too, like the others: link content has been added which starts with <div style="display:none">.

But I think it is not a SQL injection, because I have created two nopCommerce databases with the same user on SQL. One of them is for testing and is not running under any script. Along with my live DB, this test DB has been hacked too. On SQL, my other DBs are not hacked because their owners are set to another DB user.

I am wondering whether hackers can take our DB users from the settings.txt file or somewhere else?

Thanks.

Hi,

Please have a look at this post of mine
8 years ago
a.m. wrote:
Hi, my site has been hacked too, like the others: link content has been added which starts with <div style="display:none">.

But I think it is not a SQL injection, because I have created two nopCommerce databases with the same user on SQL. One of them is for testing and is not running under any script. Along with my live DB, this test DB has been hacked too. On SQL, my other DBs are not hacked because their owners are set to another DB user.

I am wondering whether hackers can take our DB users from the settings.txt file or somewhere else?

Thanks.
Hi,

Please have a look at this post of mine


Hi,

Thanks for the reply. I am using the latest version, 3.70, but it's hacked. I have published the project in debug mode. Can that be a problem?
8 years ago
socratos wrote:
...I am using the latest version, 3.70, but it's hacked. I have published the project in debug mode. Can that be a problem?

Sorry that you are experiencing this issue. But if the site is hacked, it doesn't mean that it's SQL injection vulnerable. There could be a lot of other reasons why it happened (e.g. somebody has stolen your administration password).