• Resolved schulz

    (@schulz)


    I seem to run into this problem often when I am posting/updating posts/pages on my site:

    10/Mar/15 14:08:34 #7697279 high 100 ###.###.###.### POST /wp-admin/post.php - XSS (HTML tag) - [POST:content = [events_list blogs="all" nb=-1 future=1 past=0 order="ASC"]%0d%0a<p style="text-align: center;"><a title="Events Map" href="https://www.807area.ca/events/map/">Events Map</a> | <a title="Eve...] - www.807area.ca

    I end up having to temporarily turn off Scan POST variable just to get things done.

    The log is very vague about what is triggering the firewall, it just spills an excerpt of the start of the post data.

    It would be better if the log showed the text of what triggered the blocking of the post. At one point it blocked a post just because it had a <div> tag in it?

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi

    When you are logged in as the admin, this should not occur.
    If you check the firewall “Overview” page, do you see any warning/error ?

    Thread Starter schulz

    (@schulz)

    No, it shows:

    NinjaFirewall (WP edition)

    Firewall Enabled
    PHP SAPI CGI-FCGI
    Version 1.3.9 (2015-02-23)

    BTW: this is a WordPress Multisite Set-up Version 4.1.1.

    Plugin Author nintechnet

    (@nintechnet)

    Still, while you are logged in as the admin, try to access your blog, appending the “?test=hack%00” query string to the URL:

    https:// YOUR_BLOG /index.php?test=hack%00
    https:// YOUR_BLOG /wp-admin/index.php?test=hack%00

    Are you blocked by the firewall or can you access those pages as usual?

    Thread Starter schulz

    (@schulz)

    https:// YOUR_BLOG /index.php?test=hack%00

    changes to

    https:// YOUR_BLOG /?test=hack%00

    and seems to load normally and

    https:// YOUR_BLOG /wp-admin/index.php?test=hack%00

    changes to

    https:// YOUR_BLOG /wp-admin/?test=hack%00

    brings up a 404 page.

    Plugin Author nintechnet

    (@nintechnet)

    That is fine, you are whitelisted.
    If you are blocked from time to time while using the editor, it means you have an issue with PHP sessions.
    NinjaFirewall sets a session flag to the admin to whitelist it, and the firewall detects the flag and does not block the admin.
    You could have issues with:
    -The PHP configuration, session expiration.
    -Another plugin that messes with sessions (e.g., starts or deletes a session without checking if there is already one).

    That is very painful to debug.

    In the meantime, you can try to use the .htninja to whitelist yourself.
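    The .htninja whitelist suggested above, written out as an added example (not code from this thread or from NinjaFirewall's own documentation). It assumes NinjaFirewall's .htninja convention of returning the string 'ALLOW' to skip filtering for the current request, and it uses a placeholder admin IP; the bypass is deliberately narrowed to the editor save endpoint, so the firewall keeps scanning every other request, including the same IP hitting other URLs.

```php
<?php
// .htninja, placed where NinjaFirewall looks for it (outside the web root).
// Assumption: the firewall includes this file before WordPress loads and
// honours a returned 'ALLOW' string by skipping its filters for this request.

// Placeholder: replace with the static IP address(es) the admin posts from.
$trusted_admin_ips = array('203.0.113.10');

$remote_ip   = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$path        = parse_url($request_uri, PHP_URL_PATH);
if ($path === false || $path === null) {
    $path = '';
}

// The false positive in the thread came from saving posts/pages, so only the
// editor endpoints qualify. A suffix match also covers subdirectory multisite
// installs, where the path looks like /site-name/wp-admin/post.php.
$is_editor_save = (preg_match('#/wp-admin/post(-new)?\.php$#', $path) === 1);

// Require BOTH conditions: trusted source address AND editor path. Falling
// through without a return leaves the firewall's normal decision in place.
if ($is_editor_save && in_array($remote_ip, $trusted_admin_ips, true)) {
    return 'ALLOW';
}
```

If the site sits behind a reverse proxy, REMOTE_ADDR is the proxy's address, so match on the trusted IP only after the proxy's real-IP handling has been configured; otherwise the rule would never fire, or would fire for every visitor.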

  • The topic ‘XSS (HTML tag)?’ is closed to new replies.