• Resolved islp

    (@islp)


    Hello, I found this in the Wordfence plugin report:

    The Wordfence Web Application Firewall has blocked 130 attacks over the last 10 minutes. Below is a sample of these recent attacks:October 4, 2022 8:06pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    October 4, 2022 8:06pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    October 4, 2022 8:06pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    October 4, 2022 8:05pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    October 4, 2022 8:05pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL#
    October 4, 2022 8:05pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL#
    October 4, 2022 8:05pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL,NULL,NULL#
    October 4, 2022 8:05pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL,NULL#
    October 4, 2022 8:05pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL,NULL#
    October 4, 2022 8:05pm  141.98.9.25 (Lithuania)     Blocked for SQL Injection in POST body: _wpmem_login_nonce = aabef6b220 UNION ALL SELECT NULL#

    Is _wpmem_login_nonce part of WP_Members plugin? Should I be concerned?

Viewing 3 replies - 1 through 3 (of 3 total)
  • im not a security maven but it looks like the attacker inserted the sql into the html…i doubt it came from ur website (& wpmember) like that…and it looks like Wordfence is doing its job, so…

    Plugin Author Chad Butler

    (@cbutlerjr)

    _wpmem_login_nonce is part of WP-Members. It is a WordPress nonce, which is a device used to prevent certain types of form misuse.

    There are a couple of things to note here. First, there’s not a security issue here, and I’ll get to that in a moment. But second and more importantly, if you actually suspect a security issue, don’t post that in a public forum. The proper way to handle potential security issues is to check directly with the developer in a non-public way (such as in this case, the form at https://rocketgeek.com/contact/), and first find out if it is an issue, and if it is, then that gives the developer a chance to address it right away. Bringing more awareness to the security issue tends to increase people being hacked, and rarely speeds up the fixing.

    So getting back to what you’ve noted, as airdrummer mentioned, it appears that Wordfence is doing its job. It’s catching the attempted sql injection simply because its there in the posted data from the form. But that report does not necessarily mean that the attempt would actually be exploitable, and in this case, it’s not something that is exploitable. What you have here is someone trying to probe for an exploit. But the _wpmem_login_nonce verification is not ultimately exploitable.

    Thread Starter islp

    (@islp)

    Ok, sorry for posting here, and thanks.

    • This reply was modified 1 year, 7 months ago by islp.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘_wpmem_login_nonce and SQL Injection’ is closed to new replies.