• Resolved Anonymous User 17880307

    (@anonymized-17880307)


    Hi there,

    It seems you add single quotes to the parameters and search terms to separate them.

    Generally this is not needed as all values in there are already strings.

    Additionally, this triggers security rules of plugins like NinjaFirewall, as this is misinterpreted as an attack vector (XSS, SQL Injection).

    "11/Aug/21 17:30:17 #5166782 HIGH 300 a.b.c.xxx GET /index.php - Leading quote - [GET:hilite = 'some-word'] - example.de"

    You might want to remove these single quotes and use a different separator for the terms. Instead of a comma you could use some special ones like :::, ;;;, ___ or something else. Maybe double quotes would work, but generally it would probably be better not to use quotes as enclosures.

    It is best to test it with NinjaFirewall when you are logged out to see which cases actually work and which don’t (trigger the security rules).
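
The quote-free encoding suggested in the post above, as an added example that is not part of the original post or the plugin's code. The function names are hypothetical, `:::` is one of the separators the post proposes, and `startsWithQuote` is a simplified stand-in for a "Leading quote" style check, not NinjaFirewall's actual rule.

```javascript
// Added example: hypothetical helpers, not the plugin's own code.
const SEP = ":::";      // separator proposed in the post
const PARAM = "hilite"; // parameter name taken from the quoted log line

// Build the query string without quote enclosures around the terms.
function buildHiliteQuery(terms) {
  const cleaned = terms
    .map((t) => String(t).trim().replace(/^['"]+|['"]+$/g, "")) // drop enclosing quotes
    .map((t) => t.split(SEP).join(" ")) // a term must not contain the separator
    .map((t) => t.trim())
    .filter((t) => t.length > 0);
  const params = new URLSearchParams();
  if (cleaned.length > 0) params.set(PARAM, cleaned.join(SEP));
  return params.toString(); // percent-encoding is handled by URLSearchParams
}

// Recover the list of terms on the receiving side.
function parseHiliteQuery(query) {
  const raw = new URLSearchParams(query).get(PARAM);
  if (raw === null) return [];
  return raw.split(SEP).map((t) => t.trim()).filter((t) => t.length > 0);
}

// Simplified stand-in (assumption): does the decoded value begin with a quote?
function startsWithQuote(query) {
  const raw = new URLSearchParams(query).get(PARAM) ?? "";
  return /^\s*['"]/.test(raw);
}

// Constructed sample input.
const sample = buildHiliteQuery(["some-word", "'quoted'", "a:::b", "  "]);
console.log(sample, parseHiliteQuery(sample), startsWithQuote(sample));
```

Escaping the terms for output in HTML or SQL is still needed on the receiving side; the separator only replaces the quotes as a delimiter.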

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘single quotes in parameters trigger security rules of NinjaFirewall’ is closed to new replies.