Worrisome oembed hits

  • Resolved Mike Witt

    (@mike80222)


    I’m getting oembed hits to my WordPress site that look like some kind of hacking attempts. Here’s an example:

    /wp-json/oembed/1.0/embed?url=https%3A%2F%2FMySite.com%2Fprivacy%2F&format=xml&Hmjy%3D2697%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23

    I haven’t had any success searching for information about this (and I’m not sure exactly what to search on). Could somebody point me in the right direction?

    • This topic was modified 1 year, 1 month ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic
  • Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    As long as they’re failing, it really doesn’t matter. It looks like a probe to see if your site is open to a SQL injection attack.

    Do you have a plugin like WordFence installed?

    Thread Starter Mike Witt

    (@mike80222)

    I’m not using WordFence specifically. AFAIK I’m not vulnerable to SQL injections, but I don’t really have much experience with this. I’m also unclear what the relationship is to oembed. If you could suggest a reference where I could learn more about this I would appreciate it.
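
Added example, not part of any post in this thread: URL-decoding the request quoted in the original post shows that `url` and `format` are ordinary oEmbed parameters, while the whole payload sits in the name of one extra query parameter that mixes several generic probe strings. The `EXPECTED_PARAMS` set and the `SIGNATURES` patterns are assumptions made for this sketch, not a complete rule list.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameters the oEmbed embed route is normally called with.
EXPECTED_PARAMS = {"url", "format", "maxwidth"}

# Illustrative patterns only (hypothetical names, not a full rule set).
SIGNATURES = {
    "sql_injection": re.compile(
        r"\bunion\s+(all\s+)?select\b|information_schema|\band\s+\d+=\d+", re.I),
    "xss": re.compile(r"<script\b", re.I),
    "mssql_command_exec": re.compile(r"xp_cmdshell", re.I),
    "path_traversal": re.compile(r"\.\./"),
}

# The request from the original post, exactly as logged.
LOGGED_REQUEST = (
    "/wp-json/oembed/1.0/embed?url=https%3A%2F%2FMySite.com%2Fprivacy%2F&format=xml"
    "&Hmjy%3D2697%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3E"
    "alert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema"
    ".tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F.."
    "%2F..%2Fetc%2Fpasswd%27%29%23"
)
# Constructed sample: the same request without the extra parameter.
BENIGN_REQUEST = "/wp-json/oembed/1.0/embed?url=https%3A%2F%2FMySite.com%2Fprivacy%2F&format=xml"


def classify_request(request_uri):
    """Decode the query string; report unexpected parameters and probe labels."""
    parts = urlsplit(request_uri)
    unexpected, labels = [], set()
    # parse_qsl splits on the raw '&' and '=' before decoding, so an encoded
    # '=' (%3D) stays inside the parameter name, as it does in this request.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in EXPECTED_PARAMS:
            unexpected.append(name)
        text = name + "=" + value
        labels.update(lbl for lbl, rx in SIGNATURES.items() if rx.search(text))
    return {"path": parts.path, "unexpected": unexpected, "labels": sorted(labels)}


if __name__ == "__main__":
    for req in (LOGGED_REQUEST, BENIGN_REQUEST):
        result = classify_request(req)
        print(result["path"], result["labels"])
        for name in result["unexpected"]:
            print("  unexpected parameter name:", name)
```
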
