Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter casper14209

    (@casper14209)

    UPDATE:
    Disabled all custom code entries and problem is still present.
    Put in default mode, problem is gone.
    Bulletproof mode, problem back.

    Thread Starter casper14209

    (@casper14209)

    UPDATE:
    OK, was able to track it down to this line of code in the .htaccess file.
    #RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    Now I’m outside my knowledge level, any assistance or further information would be appreciated.

    Thread Starter casper14209

    (@casper14209)

    UPDATE:
    OK, after more research I have found that the %27 in the code line is to make the system deny (forbid) any referrer that has an apostrophe [‘] in the string.
    Would anybody be interested in commenting on the possible security risk by allowing this on a shopping cart site?
    I don’t like editing core plugin files as it makes for a pain to update things, and in this case, I’m going to say the developers have added this for good reason.
    But at this time I really don’t have any choice on this site due to the business name and search volume on this phrase for the client. :-/

    Plugin Author AITpro

    (@aitpro)

    The steps to allow the single quote code character/apostrophe in URLs & Query Strings and permanently save your modified .htaccess code to BPS Custom Code are in the link below.

    https://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939

    Impact to overall website security: BPS has several overlapping security filters/rules. So by modifying these particular rules/filters in the link above, your website is still protected against SQL Injection attacks. The SQL Injection security filter/rule below will still protect the site from all SQL Injection attacks. The single quote code character is used in most SQL Injection attacks.

    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
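
An added example (not part of the thread or the plugin's code) that replays the two `RewriteCond` patterns quoted above against constructed sample requests. It shows why the referrer rule forbids any apostrophe, while the query-string rule only fires when a metacharacter is followed by a listed keyword. Python's `re` stands in for Apache's PCRE here, and the `evaluate` helper and all sample strings are assumptions made for illustration.

```python
import re

# Patterns copied from the thread. [NC] maps to re.IGNORECASE, and a
# RewriteCond pattern matches anywhere in the value, hence re.search.
# Apache tests both variables as sent (no URL-decoding), so the rule
# sees the literal text "%27".
REFERER_RULE = re.compile(r"(%0A|%0D|%27|%3C|%3E|%00)", re.IGNORECASE)
QUERY_RULE = re.compile(
    r"""(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"""
    r"(/\*|union|select|insert|drop|delete|update|cast|create|char|convert"
    r"|alter|declare|order|script|set|md5|benchmark|encode)",
    re.IGNORECASE,
)

def evaluate(referer, query_string, referer_rule_enabled=True):
    """Return the name of the rule that would forbid the request, or None."""
    if referer_rule_enabled and REFERER_RULE.search(referer):
        return "referer"
    if QUERY_RULE.search(query_string):
        return "query_string"
    return None

# Constructed samples: a search-engine referrer for a business name with an
# apostrophe, plus query strings as the site itself might receive them.
BING_REFERER = "https://www.bing.com/search?q=joe%27s+diner"
SAMPLES = [
    # (label, referer, query string, referrer rule enabled?)
    ("search referrer, rule on", BING_REFERER, "", True),
    ("search referrer, rule off", BING_REFERER, "", False),
    ("apostrophe then SQL keywords", "", "id=1%27+union+select+1", False),
    ("benign apostrophe only", "", "s=joe%27s+diner", False),
    # False positive: "set" is matched as a plain substring after %27.
    ("benign apostrophe + 'set'", "", "s=joe%27s+gift+set", False),
    ("keyword without metacharacter", "", "s=gift+set", False),
]

if __name__ == "__main__":
    for label, referer, qs, enabled in SAMPLES:
        verdict = evaluate(referer, qs, enabled) or "allowed"
        print(f"{label:32} -> {verdict}")
```

The fifth sample is the one to watch when relaxing the referrer rule: a legitimate on-site search containing an apostrophe followed by a word such as "set" or "order" is still forbidden by the query-string rule.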

    Thread Starter casper14209

    (@casper14209)

    Awesome, thanks!
    In all my searches that post didn’t come up. Thanks for pointing me in the right direction.
    Impact is understood, thanks for the useful plugin and information.
    Have an awesome day.

    Thread Starter casper14209

    (@casper14209)

    Forgot to mark resolved in my last comment.

  • The topic ‘Bing.com Referrer Error’ is closed to new replies.