wordpress SQL Injection

Hong Kong was blocked by firewall for SQL Injection in query string:

Wordfence 로그상


https://mvc.auctionpro.co.kr/?page_id=-4659%29+OR+3553%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28112%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%283553%3D3553%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29+AND+%282278%3D2278

https://mvc.auctionpro.co.kr/?page_id=-4659)+OR+3553=(SELECT+UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(107)||CHR(112)||CHR(113)||CHR(113)||(SELECT+(CASE+WHEN+(3553=3553)+THEN+1+ELSE+0+END)+FROM+DUAL)||CHR(113)||CHR(120)||CHR(106)||CHR(113)||CHR(113)||CHR(62)))+FROM+DUAL)+AND+(2278=2278

https://mvc.auctionpro.co.kr/?page_id=-4659%29+OR+3553%3D%28SELECT+UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28112%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%283553%3D3553%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29+FROM+DUAL%29+AND+%282278%3D2278

https://mvc.auctionpro.co.kr/?page_id=-4659)+OR+3553=(SELECT+UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(107)||CHR(112)||CHR(113)||CHR(113)||(SELECT+(CASE+WHEN+(3553=3553)+THEN+1+ELSE+0+END)+FROM+DUAL)||CHR(113)||CHR(120)||CHR(106)||CHR(113)||CHR(113)||CHR(62)))+FROM+DUAL)+AND+(2278=2278

IP 체크 하니 결과가 없습니다. 로 나옵니다.


We can't find any results. Possibly IP address is unallocated or its whois server is not available.

We can't find any results. Possibly IP address is unallocated or its whois server is not available.

sample 2


"GET /?page_id=328%2F%2A%2A%2F%22%29%29%2F%2A%2A%2FUNION%2F%2A%2A%2FALL%2F%2A%2A%2F
SELECT%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13
%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C%28CHAR%28117%29%2BCHAR%2876%29%2BCHAR%2866%29%2BCHAR%28113%29%2B%28SELECT%2F%2A%2A%2F%28CASE%2F%2A%2A%2FWHEN%2F%2A%2A%2F%288919%3D8919%29%2F%2A%2A%2FTHEN%2F%2A%2A%2FCHAR%2849%29%2F%2A%2A%2FELSE%2F%2A%2A%2FCHAR%2848%29%2F%2A%2A%2FEND%29%29%2BCHAR%28105%29%2BCHAR%2897%29%2BCHAR%2869%29%2BCHAR%28111%29%29%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36%2C37%2F%2A%2A%2F%2F%2A%2A%2F%2F%2A%2A%2FAND%2F%2A%2A%2F%28%28%22D8eD%22%2F%2A%2A%2FLIKE%2F%2A%2A%2F%22D8eD

"GET /?page_id=328%2F%2A%2A%2F%22%29%29%2F%2A%2A%2FUNION%2F%2A%2A%2FALL%2F%2A%2A%2F

SELECT%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13

%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C%28CHAR%28117%29%2BCHAR%2876%29%2BCHAR%2866%29%2BCHAR%28113%29%2B%28SELECT%2F%2A%2A%2F%28CASE%2F%2A%2A%2FWHEN%2F%2A%2A%2F%288919%3D8919%29%2F%2A%2A%2FTHEN%2F%2A%2A%2FCHAR%2849%29%2F%2A%2A%2FELSE%2F%2A%2A%2FCHAR%2848%29%2F%2A%2A%2FEND%29%29%2BCHAR%28105%29%2BCHAR%2897%29%2BCHAR%2869%29%2BCHAR%28111%29%29%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36%2C37%2F%2A%2A%2F%2F%2A%2A%2F%2F%2A%2A%2FAND%2F%2A%2A%2F%28%28%22D8eD%22%2F%2A%2A%2FLIKE%2F%2A%2A%2F%22D8eD


328/**/"))
/**/UNION/**/ALL
/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,
(CHAR(117)+CHAR(76)+CHAR(66)+CHAR(113)+
(SELECT/**/(CASE/**/WHEN/**/(8919=8919)/**/THEN/**/CHAR(49)
/**/ELSE/**/CHAR(48)/**/END))+CHAR(105)+CHAR(97)+CHAR(69)+
CHAR(111)),29,30,31,32,33,34,35,36,37/**//**//**/AND/**/(("D8eD"/**/LIKE/**/"D8eD

328/**/"))

/**/UNION/**/ALL

/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,

(CHAR(117)+CHAR(76)+CHAR(66)+CHAR(113)+

(SELECT/**/(CASE/**/WHEN/**/(8919=8919)/**/THEN/**/CHAR(49)

/**/ELSE/**/CHAR(48)/**/END))+CHAR(105)+CHAR(97)+CHAR(69)+

CHAR(111)),29,30,31,32,33,34,35,36,37/**//**//**/AND/**/(("D8eD"/**/LIKE/**/"D8eD

Solution

.htaccess 에 추가


RewriteEngine On
RewriteCond %{QUERY_STRING} (\%27)|(\')|(\-\-)|(\%23)|(#)
RewriteRule .* - [F]

RewriteEngine On

RewriteCond %{QUERY_STRING} (\%27)|(\')|(\-\-)|(\%23)|(#)

RewriteRule .* - [F]

RewriteEngine On:
- Apache 웹 서버의 URL 재작성 엔진을 켭니다. 이 엔진을 통해 URL을 재작성하거나 특정 조건에 따라 요청을 차단할 수 있습니다.
RewriteCond %{QUERY_STRING} (%27)|(‘)|(–)|(%23)|(#):
- RewriteCond는 재작성 조건을 지정합니다. 여기서는 QUERY_STRING (URL의 쿼리 문자열)이 특정 패턴과 일치하는지를 확인합니다.
- (\%27)와 (\')는 URL에 포함된 인코딩된 또는 일반적인 단일 인용 부호(‘)를 찾습니다.
- (\-\-)는 SQL 주석 구문인 연속된 두 개의 하이픈(–)을 찾습니다.
- (\%23)와 (#)는 URL에 포함된 인코딩된 또는 일반적인 해시 기호(#)를 찾습니다.
- 이러한 패턴은 일반적으로 SQL 인젝션 공격이나 기타 악성 활동에 사용될 수 있습니다.
*RewriteRule . – [F]**:
- RewriteRule은 조건에 맞는 경우 적용할 규칙을 지정합니다.
- .*는 모든 URL을 의미합니다.
- -는 URL을 변경하지 않는다는 의미입니다.
- [F]는 HTTP 상태 코드 403 (Forbidden)을 반환하여 해당 요청을 차단합니다.

요약하면, 이 .htaccess 설정은 URL의 쿼리 문자열에 특정 위험한 문자가 포함된 경우, 해당 요청을 403 Forbidden 상태 코드로 차단하여 웹 사이트를 보호합니다.