SQL pattern detected :[POST:text]  - Shortcodes Ultimate Plugin, other?

  • azurelinksc
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
2 months 2 days ago - 2 months 2 days ago #9322 by azurelinksc
Hola Jose,

My admins keep triggering the firewall with the following error:
SQL pattern detected :[POST:text] 

They are using the Shortcuts Ultimate plugin to create pages which uses square brackets to surround tags for for creating various elements in articles:

Examples:
Warning: Spoiler!
Last edit: 2 months 2 days ago by azurelinksc.

Please Log in or Create an account to join the conversation.

More
2 months 2 days ago #9323 by Jose
Hola azurelink!

Yes, a code like that will launch the SQL injection filter as there are some words used in this kind of attacks (in this code, 'order_by' and 'limit'). In cases like this is difficult to determine if we're under attack or not...

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • azurelinksc
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
2 weeks 6 days ago #9355 by azurelinksc
It happened again. What should I do? Exclude com_k2? Which is where the Shortcodes are being used, Or exclude the plugin itself? Or both? And this is happening in the backend when trying to save a K2 Item.

Please Log in or Create an account to join the conversation.

More
2 weeks 6 days ago #9356 by Jose
Hi azurelink,

Yes, add the component involved as exception.

Let me explain how the firewall works: it checks any html tag, words used in SQL or xss attacks... Sometimes those html tags or the other words are used in some extensions, so we must tell the firewall that there is no problem with that because this have been done by us. Once the firewall is configured for each site you will not be disturbed anymore, but the firewall will be protecting our site.

There is nothing bad adding exceptions.

Regards,
Jose

Please Log in or Create an account to join the conversation.

More
2 weeks 6 days ago #9357 by Jose
Anyway there is a way to exclude groups of rules: scpdocs.securitycheckextensions.com/conf...ion/rules_management

I don't recommend it for super user accounts but you can use this method if you don't like being disturbed by those false positives.

Regards,
Jose
The following user(s) said Thank You: azurelinksc

Please Log in or Create an account to join the conversation.

  • azurelinksc
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
2 weeks 23 hours ago #9365 by azurelinksc
So to be clear, even if a component is excluded visitors viewing those K2 Items in a browser will not be able to attempt to inject SQL code into the URL or other input fields?

Please Log in or Create an account to join the conversation.

Time to create page: 0.342 seconds