SQL Injections blocked while posting php code

  • Resolved dimal

    (@dimalifragis)


    4 years, 5 months ago

    Hello.

    We have a forum (using wpForo plugin) for developers. We have a major problem with users trying to post code changes and suggestions in the topics and being blocked by Ninja Firewall because of SQL injections (as i see in the log).

    How can i solve this?

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter dimal

    (@dimalifragis)

    4 years, 5 months ago

    In the log the only thing i see that could be the reason is some

    "actually works.</p>%0d%0a<p>For example if you enter"

    Could that “%0d%0a” be the issue?

    Thread Starter dimal

    (@dimalifragis)

    4 years, 5 months ago

    Let me add here that this happens RANDOMLY. Most of the times it doesn’t happen and we are able to post whatever code we want.

    I tried to replicate it and failed.

    Plugin Author nintechnet

    (@nintechnet)

    4 years, 5 months ago

    Which rule number is it? You can find it in the firewall’s log.

    Thread Starter dimal

    (@dimalifragis)

    4 years, 5 months ago

    05/Jan/22 03:35:06 #6594195 CRITICAL 252 IP POST /wp-admin/admin-ajax.php – SQL injection – [POST:body =

    05/Jan/22 03:36:39 #2114343 CRITICAL IP POST /index.php – SQL injection – [POST:post = 2 476 RE:

    Plugin Author nintechnet

    (@nintechnet)

    4 years, 5 months ago

    You can safely disable the rule ID 252 (NinjaFirewall > Security Rules > Rules Editor). It’s a rule that will be removed in the next few days anyway because it’s no longer needed.

    Thread Starter dimal

    (@dimalifragis)

    4 years, 5 months ago

    I will do that, thank you

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘SQL Injections blocked while posting php code’ is closed to new replies.