Support » Plugin: The Events Calendar » Injection in query string

  • Sorry I’m posting again as I can’t see the topic that I just posted.
    Hope it’s not a duplicate.

    I’m using the Wordfence plugin and I received this email today. It seems that someone is trying to perform a SQL injection using The Events Calendar.
    Is there something I can do?

    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past" or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_consê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past' or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_consê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_constê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past1111111111111" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,ê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past1111111111111" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,ê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past1111111111111" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,ê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past1111111111111" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,ê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past1111111111111" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,ê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past1111111111111" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,ê
    febbraio 13, 2017 1:34pm  162.254.252.203 (United States)     Blocked for SQL Injection in query string: tribe_event_display=past1111111111111" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,ê
Viewing 1 replies (of 1 total)
  • Hey @lorenzone92,

    Thanks for using The Events Calendar, I’m happy to help. In order to help, I need a couple things from you:

    -Please test for conflicts by following this documentation & let me know what you find
    -Can you send me a link so I can see this firsthand?

    Thanks!
    Shelby 🙂

Viewing 1 replies (of 1 total)
  • The topic ‘Injection in query string’ is closed to new replies.