This content has been marked as final. Show 14 replies
I was able to reproduce the error. Since you have it on apex.oracle.com I'd suggest dev could just use your login to go to the page where you've done this, open and save the item with no changes to test it out. Nice (and quick) test case. Thanks very much for posting it there!
I was able to recreate the error from scratch using IE7, and I got access to Bill's workspace today so I could just open the item and save it with no changes - got the same error. That was with IE8.
Bill - maybe a screen capture of the item creation and save? Not sure why it works for some and not others.
A remote attacker may be attempting to execute arbitrary code on the Web server by sending a specially-crafted POST command containing malicious script. The script could be written in Java or some other scripting language.
I suspect it's the same for Bill.
Interesting note for posterity._
Using a machine where the example fails using Apex 4.0 I added a simple js to a region footer.
Interesting! What is the name of your Firewall?
Is it possible that you have setup your APEX 3.2 box to be on some white list so that your firewall isn't checking it?
My Blog: http://www.inside-oracle-apex.com
APEX 4.0 Plug-Ins: http://apex.oracle.com/plugins
The firewall I am using is Proventia Desktop 9.0.226
[Suspicious Activity] This signature heuristically detects an SQL injection attempt by weighing various DDL, DML, operators, functions, keywords and symbols of the SQL programming language.