Discussions » Greasy Fork Feedback

SQL injection urls on Greasy Fork?

§
Posted: 2017-11-03


Hi,

I just noticed that on my Greasy Fork profile page, strange prefixes had been added to the URLs pointing to my script pages. Now they have disappeared again, so maybe it is something that comes and goes. But at the time of writing you can see something similar on these two profile pages:

https://greasyfork.org/en/users/104201-%E9%BB%84%E7%9B%90
(Every script-link has added "?locale_override=1'A=0'" to it)

https://greasyfork.org/en/users/7036-xinggsf
(Every script-link has added "?locale_override=9'A=0'A=0'A=0" to it)

Has somebody hacked greasyfork.com or is it some kind of innocent site error?

I have checked in multiple browsers and on two PCs, to make sure it was not my PC or browser. But same behavior.

§
Posted: 2017-11-03

And the above are gone again, but now it's on:

https://greasyfork.org/en/users/47767-%E7%8C%8E%E9%9A%BC%E4%B8%B6%E6%AD%A2%E6%88%88

(?locale_override=9%27A%3D0+HACK+AGARIO+COINS)

§
Posted: 2017-11-03

The site will cache results. The site also maintains your "locale_override" choice (used when you pick a different language). If the request that populates the cache has a locale_override parameter, then everyone else will see that. I have fixed this bug.

As to the actual values it's taking, I would guess it's a scanner trying to find vulnerabilities. This is a pretty typical thing that any public website has to put up with.
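The cache-poisoning mechanism the maintainer describes, as an added illustration that is not Greasy Fork's code: a page cached by path alone, with links built from the current request's `locale_override`, beside a variant whose cache key covers that input and which only honours known locale values. The script ids, the locale list and the probe value are constructed for the example.

```ruby
require 'cgi'

# Constructed sample data: a user's profile page lists these scripts.
SCRIPTS = [
  { id: 12345, name: 'Example script' },
  { id: 67890, name: 'Another script' }
].freeze

# Locales the site would accept in locale_override (hypothetical list).
ALLOWED_LOCALES = %w[en de fr zh-CN].freeze

# Build the script links for a profile page. The override value is URL-encoded,
# matching the encoded links reported in the thread, so the bug below is about
# the cache key, not about HTML injection.
def script_links(locale_override)
  suffix = locale_override.nil? ? '' : "?locale_override=#{CGI.escape(locale_override)}"
  SCRIPTS.map { |s| "/en/scripts/#{s[:id]}#{suffix}" }
end

# Vulnerable variant (hypothetical reconstruction): the rendered page is cached
# by request path only, but the links depend on the *current* request's
# locale_override. Whoever fills the cache first decides what later visitors see.
class ProfileRendererVulnerable
  def initialize
    @cache = {}
  end

  def render(path, params)
    @cache[path] ||= script_links(params['locale_override'])
  end
end

# Fixed variant: every input the output depends on is part of the cache key,
# and locale_override is only honoured when it names a known locale, so a
# scanner's junk value reaches neither the cache nor the links.
class ProfileRendererFixed
  def initialize
    @cache = {}
  end

  def render(path, params)
    locale = params['locale_override']
    locale = nil unless ALLOWED_LOCALES.include?(locale)
    @cache[[path, locale]] ||= script_links(locale)
  end
end

# Replay the scenario from the thread: a scanner requests the profile first with
# a probe value, then an ordinary visitor requests the same page.
def replay(renderer_class)
  renderer = renderer_class.new
  path = '/en/users/1-example'                        # constructed profile path
  scanner_params = { 'locale_override' => "9'A=0" }   # constructed probe, like the reported ones
  renderer.render(path, scanner_params)
  renderer.render(path, {})                            # what the next visitor gets
end

if __FILE__ == $PROGRAM_NAME
  puts 'Vulnerable:', replay(ProfileRendererVulnerable)
  puts 'Fixed:', replay(ProfileRendererFixed)
end
```

The check worth carrying over to a real cache layer is the one the fixed variant makes explicit: list every request input the rendered output depends on (path, locale, login state, and so on) and confirm each one is either part of the cache key or normalised away before rendering.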

§
Posted: 2017-11-04

Thanks for fix and explanation. Good to hear it was just an innocent bug :-)
