WordPress.org

Ready to get started?Download WordPress

Forums

Contact Form 7
Possible Contact7 exploit/vulnerability I just noticed -- needs attention A (3 posts)

  1. Max Nomad
    Member
    Posted 3 years ago #

    I use this contact form on my website and I think I've found evidence of someone trying out some sort of a hack with it. I was looking through my logs and noticed that someone had attempted to pass a variable to one of my pages that has no parameters:

    http://www.bgpublishing.com/bgp/graphic-design-portfolio/brand-identity-designs/?pid=http://betube.co.uk/hi

    (notice the http://betube.co.uk URL after ?pid=)

    and then out of curiosity I looked at the page source to see if it actually affected the form -- and I saw that it had indeed embedded itself as a parameter within the form action:

    <div class="wpcf7" id="wpcf7-f3-p2025-o1"><form action="/bgp/graphic-design-portfolio/brand-identity-designs/?pid=http%3A%2F%2Fbetube.co.uk%2Fhi#wpcf7-f3-p2025-o1" method="post" class="wpcf7-form">

    So, just to test it again, I turned the /hi into /hiccup , reloaded the page and the same thing happened:

    <div class="wpcf7" id="wpcf7-f3-p2025-o1"><form action="/bgp/graphic-design-portfolio/brand-identity-designs/?pid=http%3A%2F%2Fbetube.co.uk%2Fhiccup#wpcf7-f3-p2025-o1" method="post" class="wpcf7-form">

    Now, when I filled out the app and hit send I received the form's content with no problems but I don't know if it sent a copy of the data to that URL in the UK. I don't know how to stop this so I figured I'd alert you to it in case you weren't already aware of it.

    Thanks...

    http://wordpress.org/extend/plugins/contact-form-7/

  2. Takayuki Miyoshi
    Member
    Plugin Author

    Posted 3 years ago #

    You don't have to worry about that as it's a normal behavior. It's impossible to send a copy to the URL.

  3. Max Nomad
    Member
    Posted 3 years ago #

    Greetings, Takayuki,

    Thank you for the speedy response. I had a suspicion that it might not have been able to pass the form data to the other site. At the same time I wasn't sure because why else would someone try this repeatedly? Any idea what the would-be hack was trying to do?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic