False Positive SQL Injection | WordPress.org

Resolved nicegamer7
(@nicegamer7)

6 years, 3 months ago
Does WordFence block any SQL query it detects? I’ve been able to trigger a 403 using this href, /wp-admin/admin-ajax.php?test=UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL# (it doesn’t actually do anything. try it on a site with WordFence installed).

The reason I’m asking is because I received an email telling me WordFence has blocked 130 SQL Injection attacks. But I’m pretty sure they’re all false positives.
- This topic was modified 6 years, 3 months ago by nicegamer7.

Viewing 4 replies - 1 through 4 (of 4 total)

WFGerroald
(@wfgerald)

6 years, 3 months ago

Hey @nicegamer7,

Wordfence does not block all SQL queries.

Can you please share screenshots of blocks in Wordfence > Live Traffic? Please share the expanded Details, this will give us a better idea of if they’re false positives or not.

Please let me know.

Thanks,

Gerroald
Thread Starter nicegamer7
(@nicegamer7)

6 years, 3 months ago
For example: https://i.imgur.com/tc1ptNg.png
- This reply was modified 6 years, 3 months ago by nicegamer7.
wfdave
(@wfdave)

6 years, 3 months ago

Hi @nicegamer7,

It is true that the query you wrote does nothing – however, it has the potential to reveal to the attacker that your site is susceptible to SQL injection.

For example, another type of attack, directory traversal is also blocked by Wordfence.

/?file=../../../some_file – even if some_file does not exist, your site could spit out a message that indicates that it is reading out sensitive files.

The point is to prevent the attacker from even being able to test if your site is vulnerable.

Dave

Thread Starter nicegamer7
(@nicegamer7)

6 years, 3 months ago

Ok, thank you, that answers my question.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘False Positive SQL Injection’ is closed to new replies.

4 replies
3 participants
Last reply from: nicegamer7
Last activity: 6 years, 3 months ago
Status: resolved