BASE64-encoded injection (wrong)

  • Resolved dimal

    (@dimalifragis)


    6 years, 11 months ago

    Hello.

    I have see some page not working on my WP site. F12 shows “POST ….. wp-admin/admin-ajax.php 403” at “jquery.js?ver=1.12.4:4” and a log:

    11/Jul/19 16:51:17 #7602151 CRITICAL – MY IP – POST /wp-admin/admin-ajax.php – BASE64-encoded injection – [POST:data = W2Vjcy1saXN0LWV2ZW50cyBjb250ZW50b3JkZXI9J3RpdGxlLCB0aHVtYm5haWwsIGV4Y2VycHQsIGRhdGUsIHZlbnVlJyBrZXk9J3N0YXJ0IGRhdGUnXTxicj48YSBocmVmPSJodHRwczovL3d3dy5kaXNjb3ZlcnZlbmljZS5ldS9ldmVudHMvIj48…] – mywebsite.here

    This can’t be correct and also i check my Ninja FW settings and i see all “ajax” opeions and below UNSELECTED (8 options incl REST API).

    So i’m not sure what it means and why i have that.

    Any ideas ?

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    6 years, 11 months ago

    It is a base64-encoded payload containing some code and, because you have the “Firewall Policies > Intermediate Policies > Decode Base64-encoded POST variable” policy enabled, it was blocked. It is not related to the “admin-ajax.php” policy which blocks bots, not payloads.

    • This reply was modified 6 years, 11 months ago by nintechnet.
    Thread Starter dimal

    (@dimalifragis)

    6 years, 11 months ago

    Turning that to off, seems to solve the problem.

    In the meantime, i have found the problem, it is a plugin ajaxized widget.

    https://ww.wp.xz.cn/plugins/no-cache-ajax-widgets/

    And it is related to admin-ajax somehow, since disabling what you mention for base64, solves also the 403 admin-ajax error.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘BASE64-encoded injection (wrong)’ is closed to new replies.