Query String Exploit (?)

  • a9fc

    (@a9fc)


    9 years, 11 months ago

    [ Moderator note: moved to How-to and Troubleshooting. ]

    Hey,

    This seems to be happening mostly to wordpress sites.

    Incoming links starting with /? will show the main page instead of a 404, even if it was non-existent.

    I’m not an expert and I might be interpreting wrongly, however it seems like it has something to do with the way wordpress deals with permalinks?

    So, xyz.com/?stupid-giant-dildo/ will still show xyz.com and cause your site to start ranking for spam content on your front page.

    I’ve had to resort to .htaccess workarounds that breaks various functionality of wordpress and its themes. I’m still looking for a permanent solution, but if there’s something that needs to be fixed in wordpress itself, I hope it can be done soon.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Marius L. J.

    (@clorith)

    9 years, 10 months ago

    Hi,

    Anything appended after a question mark in an URL is considered a query argument, since it isn’t in use, WP discards it internally but anything on the front end it won’t touch (since it’s not the URL you visited, it’s just an argument, and any plugin or theme can add such sections to the URL).

    This is where the canonical URL in the header of your site comes into play, it tells search engines “The page you are looking at right now, it really has this URL without the ?something-here bit”.

    This is not a WordPress problem though, and not something WordPress can fix, that’s how URLs work, and you can append anything you’d like to any website really.

    Thread Starter a9fc

    (@a9fc)

    9 years, 10 months ago

    I see, apologies for my ignorance, thanks for your patience.

    Btw, the problem I have is here. If you have the time and you’re familiar with the issue, could you point me in the right direction?

    If not, then it’s ok, and again, thx for your time =)

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Query String Exploit (?)’ is closed to new replies.