Job Manager
POSSIBLE SEVERE SECURITY ISSUE (3 posts)

  1. 3ring
    Member
    Posted 2 years ago

    About 2 weeks ago I installed Job Manager 0.7.18 with WP 3.2.1.

    All of the functions of JM are working fine, but I am under some sort of attack, daily. The attacks are only one per day, at a random time, and last only for a few minutes, but the attack(er) is able to fill out hundreds of job applications on each of the jobs I have posted. I've had over 3000 attack job apps posted in the last week.

    I have installed SI Captcha, with no effect.

    The forms that I receive are somehow bypassing the standard validation, because the email field is never filled with a valid email, yet the forms still get sent to me.

    You can see that some sort of attack is going on from the strings filling some of the fields; examples below:
    'City: x'+wAiTfOr+dELay+'0:0:20'--'
    'Country: XxX1322084617360XxX'
    'Where did you complete your degree?: XxX1322084617360XxX'

    Most apps I receive have a simple 0 in each field, with only one random field having this weird code in it.

    Example of a full email I receive, below:

    Job: 154 - XHTML / CSS Production Specialist
    http://www.3ring.com/jobs/xhtml-css-production-specialist/
    
    Timestamp: 2011-11-23 23:31:32
    
    Name: 0
    Surname: 0
    Email Address: webappscanner@mcafeesecure.com
    Address: 0
    City: 0
    Post code: 0
    Country: 0
    Telephone: 0
    Cell phone: 1+DeClARe+@x+varchar(99)+set+@x=0x77616974666f722064656c61792027303a303a323027+exec(@x)--

    Any suggestions?

    http://wordpress.org/extend/plugins/job-manager/

  2. 3ring
    Member
    Posted 2 years ago

    Here's another example of an application that passed validation without an email:

    Job: 154 - XHTML / CSS Production Specialist
    http://www.3ring.com/jobs/xhtml-css-production-specialist/
    
    Timestamp: 2011-11-23 23:32:40
    
    Name: 0
    Surname: 0
    Email Address: /boot.ini%00
    Address: 0
    City: 0
    Post code: 0
    Country: 0
    Telephone: 0
    Cell phone: 0
    Do you have a degree?: Yes
    Where did you complete your degree?: 0
    Title of your degree: 0
    : I have read and understood the Privacy Policy and Terms of Use.
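A triage script for the notification emails quoted in the two posts above, added here as an example and not code from the plugin or from the thread: it parses the `Field: value` body, checks the email address server-side (the check the submissions above are evidently getting past), and flags the scanner probe strings shown above after URL-decoding them and expanding the `0x...` hex literal so an analyst can read what was sent. The sample bodies are constructed from the thread's own emails; the pattern names and the `triage` function are my own.

```python
import re
from urllib.parse import unquote_plus

# Probe patterns seen in the submissions quoted above; values are URL-decoded
# first ('+' -> space, %00 -> NUL) so that x'+wAiTfOr+dELay+'0:0:20'-- is caught.
PROBE_PATTERNS = {
    "time-delay SQL probe": re.compile(r"waitfor\s+delay", re.I),
    "T-SQL declare/exec probe": re.compile(r"declare\s+@\w+.*exec\s*\(", re.I | re.S),
    "NUL byte / boot.ini file probe": re.compile(r"\x00|(?:^|/)boot\.ini"),
    "scanner tracking token": re.compile(r"XxX\d{10,}XxX"),
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
HEX_LITERAL_RE = re.compile(r"0x([0-9a-fA-F]+)")
# Constructed samples, shortened from the two notification emails in the thread.
SAMPLE_SCANNER = (
    "Email Address: webappscanner@mcafeesecure.com\n"
    "Country: XxX1322084617360XxX\n"
    "Cell phone: 1+DeClARe+@x+varchar(99)+set+@x="
    "0x77616974666f722064656c61792027303a303a323027+exec(@x)--\n"
)
SAMPLE_NO_EMAIL = "Email Address: /boot.ini%00\nCity: x'+wAiTfOr+dELay+'0:0:20'--\n"


def parse_notification(body):
    """Split a 'Field: value' notification body into a dict (first ': ' wins)."""
    fields = {}
    for line in body.splitlines():
        if ": " in line:
            name, value = line.split(": ", 1)
            fields[name.strip()] = value.strip()
    return fields


def decode_hex_literals(value):
    """Expand 0x.. hex literals so the analyst sees what the probe actually did."""
    def expand(match):
        try:
            return bytes.fromhex(match.group(1)).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            return match.group(0)  # odd length or non-text: leave it as written
    return HEX_LITERAL_RE.sub(expand, value)


def triage(body):
    """Return (email_ok, findings); each finding is (field, reason, decoded value)."""
    fields = parse_notification(body)
    email_ok = bool(EMAIL_RE.match(fields.get("Email Address", "")))
    findings = []
    for name, raw in fields.items():
        decoded = decode_hex_literals(unquote_plus(raw))
        for reason, pattern in PROBE_PATTERNS.items():
            if pattern.search(decoded):
                findings.append((name, reason, decoded))
    return email_ok, findings
```

Running `triage` over the first sample shows that a syntactically valid address from the scanner still carries probe strings, so the email check alone is not a sufficient filter; the second sample fails the email check outright.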
  3. Gary Pendergast
    Member
    Plugin Author

    Posted 2 years ago

    Thanks for the security report! I'm investigating a solution for this now, it just needs a bit more testing. :)

Topic Closed

This topic has been closed to new replies.
