Block UNION SELECT | ww.wp.xz.cn

Resolved Vlada Smitka
(@smitka)

11 years ago

Hi, I think that blocking SQLi via UNION SELECT doesn’t work properly:

There is in the $request_uri_array: UNION\+SELECT

It checks exact string “UNION+SELECT” case insensitive, real sting may be “UNION SELECT”.

The rule “UNION.*SELECT” can be better way.

https://ww.wp.xz.cn/plugins/block-bad-queries/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Contributor Julio Potier
(@juliobox)

11 years ago

Hi
Thank you Smitka!
Nice catch

Plugin Author Jeff Starr
(@specialk)

11 years ago

Thanks again, will update the plugin with this next version. In the meantime, feel free to modify the string via the tools here: https://perishablepress.com/bbq-whitelist-blacklist/

Plugin Author Jeff Starr
(@specialk)

10 years, 11 months ago

This is done in version 20150624 🙂

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Block UNION SELECT’ is closed to new replies.

3 replies
3 participants
Last reply from: Jeff Starr
Last activity: 10 years, 11 months ago
Status: resolved