• Resolved karlfee

    (@karlfee)


    My webserver’s firewall gives me an error when turning on Page scroll to id’s “offset” value.

    The error protocol of my website says:

    ...
    [line "87"] [id "341245"] [rev "44"] 
    [msg "Atomicorp.com WAF Rules: SQL injection attack (detectSQLi)"] 
    [data "sos,ARGS:page_scroll_to_id_0_selector"]
    [severity "CRITICAL"] 
    [tag "SQLi"] Access denied with code 403 (phase 2). 
    detected SQLi using libinjection with fingerprint 'sos' 
    ...

    Is this a serious issue with the plug-in, or am I just getting it not right?

    • This topic was modified 4 years, 7 months ago by karlfee.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author malihu

    (@malihu)

    Hi,

    The plugin has never been in any vulnerabilities list, nor does it have any known security issues.

    I can’t really say how using its offset feature can possibly cause an issue. Does this happen when you enter a value in the offset field option?

    Thread Starter karlfee

    (@karlfee)

    Thanks Malihu,

    I found that actually trying to save the settings of the plugin leads to that error. Even if no value has been changed.

    Plugin Author malihu

    (@malihu)

    No problem.

    Try to change the “Selector(s)” option value to something like .test

    Maybe this is some false positive by the firewall because the default selector value is a standard CSS selector. In addition, all plugin options are sanitized by WordPress functions, so I can’t really say how this would cause an SQL injection.

    Thread Starter karlfee

    (@karlfee)

    Try to change the “Selector(s)” option value to something like .test

    That was the problem. No error with ‘.test’. I’m back on the track now.

    Thanks again for your help! Much appreciated.

    Plugin Author malihu

    (@malihu)

    Ok. This is definitely a false positive from the firewall. Not sure if you want to change the plugin's selector or keep using the default one (I would keep using the default selector), but if you need more help let me know.
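A narrower fix than changing the selector, added here as an example and not from the thread or the plugin author: a ModSecurity rule exclusion that removes only the `ARGS:page_scroll_to_id_0_selector` argument from rule 341245 (the id in the log above) on the WordPress settings-save request, so the rest of the WAF keeps inspecting the request. It assumes the Atomicorp rule set runs under ModSecurity v2 syntax, that the plugin settings form posts to `/wp-admin/options.php`, and uses the placeholder local rule id 1000001.

```apache
# Added example, not from the thread. Assumes ModSecurity v2 syntax and
# that the plugin's settings form posts to /wp-admin/options.php (assumption).
# id:1000001 is a placeholder; use an id from your own local exclusion range.
# Phase 1 so it runs before the Atomicorp phase-2 rule 341245 evaluates ARGS.
SecRule REQUEST_URI "@beginsWith /wp-admin/options.php" \
    "id:1000001,phase:1,pass,nolog,\
    ctl:ruleRemoveTargetById=341245;ARGS:page_scroll_to_id_0_selector"
```

Load this ahead of the WAF rule files; it only drops the one argument from that one rule, unlike disabling rule 341245 site-wide.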

  • The topic ‘SQL injection’ is closed to new replies.