I noticed that if I have multiple portals the blog entries can be retrieved for another portal just by changing the number. The entries that are written for another blog(another site) show up complete with my site layout as if I have written that. This in my opinion is a major security problem. SQL injection attacks are a real possibility if no validation is being done inside Blog module. Besides, if the individual portal  finds this, I may have to answer some very uncomfortable questions.

I am surprised that a person of your stature would just mock at a user reporting an injection  problem.

I am not an expert, not a programmer so let me apologize if I said something wrong. As per my salesworthy understanding, if by substituting a parameter I can receive data that I am not supposed to (in this case on a different portal), an SQL injection attack succeeded. The Blog module does not validate if the EntryID being asked for belongs to the currently shown portal and it is a problem if I , as a host am charging $$$ from clients who have individual portals and have posted Blog Entries of their own. Nobody wants to see their content being shown under another Portal's logo, skin and design.  Its a lawsuit waiting to happen for Dotnetnuke's paying customers.

<i> Also the reason I have not shown where this is happening </i>

I went to that page but how do I login there? My Dotnetnuke login does not work.

Thanks

Subodh

Excuse me, 

Stacy, is there a reason you dragged "subodh" - me;  in picture? I also saw just a few other posts you made and I must say it makes me unconfortable. If I need any PR, I can do it all by myself, thank you. I would appreciate if you would clarify why you seem to be impersonating me?

-Subodh aka www.subodh.com