
Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!

TOPIC: Possible SQL injection attempt through RSForms Pro

Possible SQL injection attempt through RSForms Pro 11 years 7 months ago #25169

  • ksmall
  • Fresh Boarder
  • Posts: 13
Greetings,

This morning I found 30 submissions via one of our RSForms from the same entity. Before I give an example of what we received I want to say that I had the submit button unpublished. Shouldn't that stop people from submitting data if there is no submit button?

Here are a couple examples of what was passed:

alert('SAINTL2RhdGVib29rLWV2ZW50cy9ldmVudHMvaGVhbHRoaWVzdC1jb21wYW5pZXMtcGFnZS9oZWFsdGhpZXN0LWNvbXBhbmllcy1ub21pbmF0aW9uIGZvcm0lNUJQaG9uZSU1RA==')

saintcho var="HTTP_USER_AGENT"-->"

alert('SAINTL2RhdGVib29rLWV2ZW50cy9ldmVudHMvaGVhbHRoaWVzdC1jb21wYW5pZXMtcGFnZS9oZWFsdGhpZXN0LWNvbXBhbmllcy1ub21pbmF0aW9uIGZvcm0lNUJDb21wYW55X05hbWUlNUQ=')

Does this look like anything to anyone?

Thanks

Possible SQL injection attempt through RSForms Pro 11 years 7 months ago #25172

  • octavian
  • RSJoomla! Official Staff
  • Posts: 783
  • Thank you received: 110
Just to clarify: this is not an SQL injection attempt; it's actually an XSS attempt.
The fact that you've removed the submit button doesn't make the form non-submittable. The submit button is there just for the user's convenience, forms can be submitted regardless.

These types of attacks are quite common. If the attack didn't succeed, there's nothing to worry about.
Please note: my help is not official customer support. To receive your support, submit a ticket by clicking here
Regards,
RSJoomla! Development Team
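As an added illustration of the two points in the reply above (this is example code, not part of the thread and not RSJoomla! or RSForm! Pro code): first, a form is just an HTTP POST, so removing the submit button changes nothing the server sees; second, the `alert('SAINT...')` strings are a scanner's reflection markers, and the text after `SAINT` is plain base64 that names the page and the field it was injected into. The endpoint URL and the field values are assumed; the field names `form[Phone]` and `form[Company_Name]` are what the two posted payloads decode to, which is an observation on the samples rather than something the thread states. The third function is a naive triage heuristic, only to show why these samples read as XSS and not SQL injection.

```python
"""Added example: form submission without a submit button, and what the
posted SAINT markers contain. Nothing is sent over the network; the POST
request is only constructed and returned as text."""
import base64
import re
import urllib.parse
from typing import Dict, Optional

# Constructed sample input: the two alert() values quoted in the first post.
POSTED_VALUES = [
    "alert('SAINTL2RhdGVib29rLWV2ZW50cy9ldmVudHMvaGVhbHRoaWVzdC1jb21wYW5pZXMtcGFnZS9oZWFsdGhpZXN0LWNvbXBhbmllcy1ub21pbmF0aW9uIGZvcm0lNUJQaG9uZSU1RA==')",
    "alert('SAINTL2RhdGVib29rLWV2ZW50cy9ldmVudHMvaGVhbHRoaWVzdC1jb21wYW5pZXMtcGFnZS9oZWFsdGhpZXN0LWNvbXBhbmllcy1ub21pbmF0aW9uIGZvcm0lNUJDb21wYW55X05hbWUlNUQ=')",
]

# Assumed, not from the thread: the form's action URL and sample values.
# RSForm! Pro posts its inputs as form[<FieldName>]; the two names below are
# the ones the posted payloads decode to.
FORM_ACTION = "https://example.com/index.php?option=com_rsform&formId=3"  # assumed
FIELDS = {"form[Phone]": "555-0100", "form[Company_Name]": "Example Co"}


def build_post_request(action: str, fields: Dict[str, str]) -> str:
    """Return the raw HTTP request a browser (or curl, or a scanner) sends
    for this form. Whether an <input type="submit"> exists in the HTML
    never appears anywhere in it: the server only sees this body."""
    body = urllib.parse.urlencode(fields)
    url = urllib.parse.urlsplit(action)
    path = url.path + ("?" + url.query if url.query else "")
    return (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {url.netloc}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
        f"{body}"
    )


SAINT_RE = re.compile(r"alert\('SAINT([A-Za-z0-9+/=]+)'\)")


def decode_saint_marker(value: str) -> Optional[Dict[str, str]]:
    """Decode the base64 after 'SAINT'. The marker carries the page path and
    the URL-encoded name of the field the probe was placed in, so if the
    alert() ever fires the scanner knows exactly which input echoed it."""
    m = SAINT_RE.search(value)
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    # The marker is "<page path> <field name>"; split on the last space so a
    # path containing spaces still yields the right field.
    path, _, field = decoded.rpartition(" ")
    return {"path": path, "field": urllib.parse.unquote(field)}


# Deliberately naive triage markers; enough to separate the two classes
# of probe discussed in the thread, not a detection engine.
XSS_MARKERS = ("alert(", "<script", "onerror=", "javascript:")
SQLI_MARKERS = ("' or ", "union select", "or 1=1", "sleep(")


def classify_probe(value: str) -> str:
    """Label a submitted value as 'xss', 'sqli' or 'other'."""
    v = value.lower()
    if any(tok in v for tok in XSS_MARKERS):
        return "xss"
    if any(tok in v for tok in SQLI_MARKERS):
        return "sqli"
    return "other"


if __name__ == "__main__":
    print(build_post_request(FORM_ACTION, FIELDS))
    for value in POSTED_VALUES:
        print(classify_probe(value), decode_saint_marker(value))
```

Run it and the request printed first is what the site receives whether or not the page has a button; the decoded markers show the same page path with `form[Phone]` and `form[Company_Name]` as the targeted fields, which matches the reply above: a scanner walking each input of the form with a reflected-script probe, not an attempt to alter a database query.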

Possible SQL injection attempt through RSForms Pro 11 years 7 months ago #25181

  • ksmall
  • Fresh Boarder
  • Posts: 13
Thank you octavian. Is there a way to protect RSForm from these attacks?