Purchase OIOpublisher now for just $47.

Take control of your ad space.

Click here to purchase

    • CommentAuthoroutlaw386
    • CommentTimeNov 18th 2016
     

    Today Wordfence has been sending me messages about blocked sql injections in to the oiopublisher plugin. Does the oiopublisher plugin have any such vulnerabilities where a user can execute a sql injection? They are trying to do it through a querty string.

    So far wordfence has blocked many attempts but much of the attempts were made through the oiopublisher plugin.

    Thanks

    Need help?  Quick start guide | Troubleshooting | All help topics
    • CommentAuthorSimon
    • CommentTimeNov 20th 2016 edited
     
    Project Admin

    Not that I'm aware of, but it's always possible with any code.

    Do you have any extra information on what the attempted injections were and what part of OIO was being targeted?

    P.S. what version of OIO are you currently running?

    Need help?  Quick start guide | Troubleshooting | All help topics
    • CommentAuthoroutlaw386
    • CommentTimeNov 20th 2016
     

    Version 2.60.

    Here is the message I got from Wordfence about the attack.

    The Wordfence Web Application Firewall has blocked 307 attacks over the last 10 minutes. Below is a sample of these recent attacks:

    November 18, 2016 8:30am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link%";(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:30am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link%';(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:29am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link%'));(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:29am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link%');(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:29am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link";(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:29am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link"));(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:29am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link");(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:29am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link')));(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:29am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link'));(SELECT * FROM (SELECT(SLEEP(5)))fsEU)#
    November 18, 2016 8:29am 5.248.176.219 (Ukraine) Blocked for SQL Injection in query string: do=link');(SELECT * FROM

    When I was looking through the live traffic they kept Targeting the oiopublsher plugin for some reason I have no idea if it has some vulnerability Or if they were trying to scout it out for one.

    Need help?  Quick start guide | Troubleshooting | All help topics
    • CommentAuthorSimon
    • CommentTimeNov 27th 2016
     
    Project Admin

    Just based on that snippet, I don't think there's anything that could get through. Did they target any other OIO urls?

    Need help?  Quick start guide | Troubleshooting | All help topics