Fancy Product Designer – BASE64 Code injection

  • Resolved pixelhafendesign

    (@pixelhafendesign)


    3 years, 9 months ago

    Hi,

    There is a problem with uploading or adding to cart in connection with NinjaFirewall. As soon as the product should be added to the shopping cart, the request is blocked by NinjaFirewall. It seems to be due to the size (in megabytes) of the photos, because if a smaller photo is used, no problem occurs. Plugin which is causing conflict: Fancy Product Designer

    The following error message appears in the firewall log: 25/Feb/21 08:30:32 #5446732 CRITICAL – 87.173.184.xxx POST /index.php – BASE64-encoded injection – [POST:fpd_print_order = {“used_fonts”:[], “svg_data”:[{“svg”:”<! –?xml version=\”1.0\” encoding=\”UTF-8\” standalone=\”no\” ?–><svg xmlns=\”https://www.w3.org/2000/svg\” xmlns:xlink=\”https://www.w3.org/…%5Dhttps://www.meinfotowunder.de

    Is there already a solution for this?

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter pixelhafendesign

    (@pixelhafendesign)

    Plugin which is causing conflict: Fancy Product Designer

    Plugin Author nintechnet

    (@nintechnet)

    You are blocked by this policy: Firewall Policies > Intermediate Policies > Decode Base64-encoded POST variable.
    That means that the payload (POST:fpd_print_order) contains base64-encoded code (js, php etc).

    Thread Starter pixelhafendesign

    (@pixelhafendesign)

    Yeah okay, I understand that.

    How can you whitelist this action? I am not a programmer and the developer does not know what to do about it.

    Plugin Author nintechnet

    (@nintechnet)

    You can’t whitelist the POST:fpd_print_order action in the free version, that’s a premium feature.
    If you know the client IP, you can whitelist it using the .htninja script. Otherwise, you will need to disable the “Decode Base64-encoded POST variable” policy.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Fancy Product Designer – BASE64 Code injection’ is closed to new replies.