• Resolved dipaksaraf

    (@dipaksaraf)


    Hello,

    We have been using your plugin on our website and we have found that the day before yesterday there was a huge attack on our website with the use of your plugin.

    Though we had security in place and it was blocked, we are not sure if there is any known vulnerability in your plugin which might be causing this huge surge in attacks (SQL injection) on our website.

    by firewall for SQL Injection in POST body: ver=%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 at /wp-content/plugins/custom-facebook-feed/js/cff-scripts.js

    Would love your view and inputs on this issue.


Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Craig at Smash Balloon

    (@craig-at-smash-balloon)

    Hey Dan,

    Sorry to hear that you had an attack! Were there any other details about what the attacker was trying to do? This alone doesn’t give any hints.

    There aren’t any known vulnerabilities in the plugin. We would definitely like to look into it if you have any more information though. Here is a link to our support form on our website if you can provide anything further:

    https://smashballoon.com/support/

    Thanks,

    Craig

    Thread Starter dipaksaraf

    (@dipaksaraf)

    Hey Craig,

    I have raised a support ticket with your website. Can you have a look at it and share some insight into the issue?

    Thanks
    Dipak

    Plugin Contributor Craig at Smash Balloon

    (@craig-at-smash-balloon)

    Hey Dipak,

    Thanks for sending the log!

    We discussed this issue as a team and determined that this was likely a random attack and was not trying to exploit anything specific in our plugin. From what we can tell from your report, there was data sent using a POST request to a JavaScript file. Our JavaScript file does not process POST data. The specific piece of data is also not using a key that is processed anywhere in our plugin.

    We are reviewing our plugins for SQL injection vulnerabilities to be safe but don’t think this attack would have any possibility of success.

    Let me know if you have more questions.

    – Craig
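A triage helper for the kind of firewall alert quoted in this thread, as an added example that is not code from the thread or from Smash Balloon's plugin. It applies the same reasoning Craig gives: it URL-decodes the blocked POST body, checks whether the target path is a static asset that the web server returns without running any application code, checks the parameter key against a placeholder list of keys the application actually reads (an assumption; the plugin's real parameter names are not on this page), and recognises the `UNION ALL SELECT NULL,...` column-count probe that automated scanners send to any parameter they find. The first input is the firewall line Dipak quoted; the second is constructed to show the contrasting verdict for a dynamic endpoint.

```python
"""Triage helper for WAF 'SQL Injection in POST body' alerts (added example)."""
import os
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, unquote_plus

# Extensions the web server hands back as files: no PHP runs, so a POST body
# to one of these paths has no code path that could reach a database.
STATIC_EXTENSIONS = {".js", ".css", ".png", ".jpg", ".jpeg", ".gif", ".svg",
                     ".woff", ".woff2", ".map"}

# Placeholder: POST keys the hypothetical application reads. The plugin's real
# set is not given in the thread, so this list is an assumption for the example.
HANDLED_POST_KEYS = {"cff_feed_id", "cff_page"}

# 'UNION ALL SELECT NULL,NULL,...' followed by a comment marker is the classic
# column-count enumeration probe that scanners fire at every parameter.
UNION_NULL_PROBE = re.compile(
    r"UNION\s+(?:ALL\s+)?SELECT\s+NULL(?:\s*,\s*NULL)*\s*(?:#|--|/\*)", re.IGNORECASE)

# Shape of the firewall line quoted in the thread: "... in POST body: <body> at <path>".
FIREWALL_LINE = re.compile(
    r"SQL Injection in POST body:\s*(?P<body>\S+)\s+at\s+(?P<path>\S+)")

# The line Dipak quoted, followed by a constructed contrasting alert.
THREAD_LINE = ("by firewall for SQL Injection in POST body: ver=%20UNION%20ALL%20SELECT"
               "%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 at "
               "/wp-content/plugins/custom-facebook-feed/js/cff-scripts.js")
CONSTRUCTED_LINE = ("Blocked by firewall for SQL Injection in POST body: "
                    "cff_feed_id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 at "
                    "/wp-admin/admin-ajax.php")


@dataclass
class Verdict:
    path: str
    param: str
    decoded_value: str
    static_asset: bool
    key_handled: bool
    union_probe: bool
    null_columns: int
    conclusion: str


def parse_firewall_line(line):
    """Return (raw_body, path) from a firewall alert line, or raise ValueError."""
    m = FIREWALL_LINE.search(line)
    if not m:
        raise ValueError("unrecognised firewall line: %r" % line)
    return m.group("body"), m.group("path")


def triage(line):
    """Classify one alert as untargeted scanning or something worth a closer look."""
    body, path = parse_firewall_line(line)
    # parse_qsl percent-decodes keys and values (%20, %2C, %23 -> ' ', ',', '#').
    pairs = parse_qsl(body, keep_blank_values=True) or [("", unquote_plus(body))]
    # Prefer the parameter that carries the probe; fall back to the first pair.
    param, value = next(((k, v) for k, v in pairs if UNION_NULL_PROBE.search(v)),
                        pairs[0])
    static_asset = os.path.splitext(path)[1].lower() in STATIC_EXTENSIONS
    key_handled = param in HANDLED_POST_KEYS
    union_probe = UNION_NULL_PROBE.search(value) is not None
    null_columns = len(re.findall(r"\bNULL\b", value, re.IGNORECASE))

    if union_probe and static_asset:
        conclusion = ("untargeted scan: SQL probe sent to a static asset; "
                      "no server-side code consumed the POST body")
    elif union_probe and not key_handled:
        conclusion = ("likely untargeted: parameter key is not read by the "
                      "application, so the value never reaches a query")
    elif union_probe:
        conclusion = ("investigate: column-count probe against a handled "
                      "parameter on a dynamic endpoint")
    else:
        conclusion = "no UNION/NULL probe matched; review the decoded body manually"
    return Verdict(path, param, value, static_asset, key_handled,
                   union_probe, null_columns, conclusion)


if __name__ == "__main__":
    for alert in (THREAD_LINE, CONSTRUCTED_LINE):
        v = triage(alert)
        print("%s  param=%s  nulls=%d  ->  %s" % (v.path, v.param, v.null_columns, v.conclusion))
```

The useful output for a defender is the decoded value and the column count: eight `NULL`s aimed at a `ver` parameter on a `.js` path is a scanner walking column counts against every URL it saw, not a payload shaped for the plugin's own query. The same probe against a handled parameter on `admin-ajax.php` gets the "investigate" verdict, which is the case where checking the plugin's code actually matters.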


The topic ‘Recent attack on website using cff-scripts.js’ is closed to new replies.