New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Perhaps XSS?
Hi everyone, today i found something very strange in my user database. Some fields contain texts like following
!S!WCRTESTTEXTAREA000000!E!
!S!WCRTESTINPUT000002<><>%3c%3e!E!
!S!WCRTESTTEXTAREA000000!E!' and '7'='2
I googled and found that these texts appear everywhere. Do you have any idea?
Cheers.
Comments
Someone scanned your site for SQL/XSS (or more types) vulnerabilities, and those went past and got inserted in the database.
you should be fine as far as vulnerabilities of this type (database) go.
If you're escaping (using PDO prepare or other type of sanitization/escaping) SQL queries before executing them, and you are encoding them before displaying them to the user (aka < becomes & lt
Thanks @vld, actually I did use PDO prepareStatement for all of my queries thus it makes this issue more serious for me. Besides, these texts do not look suspicious to me (or does it?)
I lean toward XSS because it happened with authenticated users.
They look suspicious as they were an attempt to modify the sites behavior, potentially leading to more serious attacks (aka dumping the databases or worse). As long as you escape the data before output, you shouldn't be worried about XSS attacks.
You could also add a character white list, to disallow any character that shouldn't be in a field (like <> in Name). This can be easily done with regex.