• Resolved danushkaj91

    (@danushkaj91)


    Hi,

    Thanks for the great plugin.

    We’ve had some crazy amount of CPU spikes recently and when I checked the Relevanssi log, I see a lot of these queries. Does Relevanssi not sanitize user inputs?

    Screenshot: https://i.postimg.cc/VLfLFQFL/rel.png

    Thanks

    346694 unicorn’)/**/and/**/1215=cast((chr(113)||chr(120)||chr(120)||chr(122)||chr(113))||(select/**/(case/**/when/**/(1215=1215)/**/then/**/1/**/else/**/0/**/end))::text||(chr(113)||chr(107)||chr(106)||chr(1 1246 8/29/2022 3:33 0 5.183.253.93
    346695 unicorn’/**/and/**/1215=cast((chr(113)||chr(120)||chr(120)||chr(122)||chr(113))||(select/**/(case/**/when/**/(1215=1215)/**/then/**/1/**/else/**/0/**/end))::text||(chr(113)||chr(107)||chr(106)||chr(11 1246 8/29/2022 3:33 0 5.183.253.93

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Mikko Saari

    (@msaari)

    Yes, Relevanssi sanitizes all user inputs. Relevanssi doesn’t stop people from attempting SQL injections but doesn’t make any SQL queries that aren’t protected from injections.

    Since they all seem to be coming from a single IP, I recommend blocking that IP at the server level.

    Thread Starter danushkaj91

    (@danushkaj91)

    Thank you for the confirmation. Yes, I’ve blocked the IP. Thanks


The topic ‘SQL Injection’ is closed to new replies.
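
Added example, not part of the thread and not Relevanssi's code: a log triage in Python that flags search terms carrying the markers visible in the rows quoted above and counts them per source IP, which is the evidence behind a server-level block. The tab-separated layout, the sample rows, the thresholds and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Markers seen in the probes quoted in the thread: comment-as-whitespace,
# chr() concatenation, cast(...), a CASE WHEN test, a sub-select, ::text.
SQLI_MARKERS = [
    re.compile(r"/\*.*?\*/"),
    re.compile(r"\bchr\s*\(\s*\d+\s*\)", re.I),
    re.compile(r"\bcast\s*\(", re.I),
    re.compile(r"\bcase\b.*\bwhen\b", re.I),
    re.compile(r"\(\s*select\b", re.I),
    re.compile(r"::\s*text\b", re.I),
]

# Constructed sample export, not real log data. Assumed layout: six
# tab-separated fields in the order of the rows above; only the query
# (2nd field) and the source IP (6th field) are used.
SAMPLE_LOG = "\n".join([
    "1001\tunicorn\t12\t8/29/2022 3:31\t0\t198.51.100.20",
    "1002\tunicorn')/**/and/**/1215=cast((chr(113)||chr(120))||(select/**/"
    "(case/**/when/**/(1215=1215)/**/then/**/1/**/else/**/0/**/end))::text"
    "\t0\t8/29/2022 3:33\t0\t203.0.113.7",
    "1003\tunicorn'/**/and/**/1215=cast((chr(113)||chr(120))::text"
    "\t0\t8/29/2022 3:33\t0\t203.0.113.7",
    "1004\tselect a case when moving\t3\t8/29/2022 3:34\t0\t198.51.100.21",
    "1005\tcast iron pan\t7\t8/29/2022 3:35\t0\t198.51.100.22",
    "1006\tx'/**/or/**/chr(65)\t0\t8/29/2022 3:36\t0\t198.51.100.99",
    "1007\ttruncated row without an IP",
])

def marker_count(query):
    """Number of distinct SQLi markers present in one logged search term."""
    return sum(1 for rx in SQLI_MARKERS if rx.search(query))

def parse_rows(text):
    """Yield (query, ip) per well-formed row; skip truncated rows."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) == 6:
            yield fields[1], fields[5]

def suspicious_sources(text, min_markers=2, min_hits=2):
    """Map source IP to probe count for IPs repeating SQLi-shaped queries."""
    hits = Counter()
    for query, ip in parse_rows(text):
        if marker_count(query) >= min_markers:
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}
```

Requiring two distinct markers keeps ordinary searches such as "cast iron pan" or "select a case when moving" out of the result, and `min_hits` separates a one-off odd query from a scanner repeating probes from one address.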