TiVo Community Forum

UMF Catalyst (Cogitamus Ergo Sumus), 24,707 posts · Discussion Starter · #1
I'm sure this is part of their filtering, but it took me a while to find out that my post was being rejected because I had this text in it: (think "Premiere" in YouTube terms where streaming availability merely starts at a particular time)

This was from this post. Removing the parentheses seemed to allow me to use those words.

I wanted to mention this in case it was worthwhile to pass along to Securi.

Premium Member, 10,985 posts
Block ID: SQLi71
Block reason: SQL injection was detected and blocked.

So, something in that text is triggering a pattern match to a known SQL injection. I'll play around with it to see if I can boil it down to a smaller test case, but that's purely out of curiosity. The only real answer is to adjust the post (as you did) so it doesn't trigger that block.
 

Premium Member, 10,985 posts
[screenshot: the minimal text that triggers the block]


The above is enough to trigger it. The word broadcast and the opening parenthesis are required to trigger it, so clearly there's a commonly abused broadcast function that takes parameters in SQL land. I was narrowing it down further when I apparently irritated the firewall and am now sitting out a temp ban.

(At least I hope it's just a temp ban for that IP ;) )
 

UMF Catalyst (Cogitamus Ergo Sumus), 24,707 posts · Discussion Starter · #5
Thanks for figuring that out, @kdmorse!

I also encountered the problem with this text below (changing the brackets to parentheses). There's no "where" inside that phrase, but "broadcast" is clearly a trigger.

The Eurovision Song Contest is ramping up. 39 countries are competing in a live-broadcast [except for Australia's which will be broadcast from a taped live performance] contest that starts with the first of two semi-finals on Tuesday, March 18.
 

Premium Member, 10,985 posts
"broadcast" being a trigger has been bugging me, as it's not a SQL clause or function. Seeing it pop up again, the lightbulb went on: it's really only triggering on the word cast(. And that makes a lot more sense. Casting a subquery to a particular datatype, or just using cast( as obfuscation, seems perfectly plausible.

(And yes, select, delete, update, where, and from, are pretty much the backbones of a SQL statement)
 
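As an added illustration of the diagnosis above (this is not code from the thread, from the forum software, or from the WAF vendor), the following Python models the false positive: a bare substring signature for cast( fires on "broadcast (", while a rule that requires a word boundary and the AS clause that SQL CAST() always carries does not. Both regexes are my own assumptions standing in for the real SQLi71 rule, and the sample texts are constructed from the thread's examples with the parentheses the posters say were originally present.

```python
import re

# Constructed sample post bodies: the thread's own trigger texts (with the
# parentheses the posters say were originally there), plus injection strings
# and ordinary prose for contrast. None of this is real WAF traffic.
SAMPLES = {
    "youtube_premiere": '(think "Premiere" in YouTube terms where streaming '
                        'availability merely starts at a particular time)',
    "eurovision": "39 countries are competing in a live-broadcast (except for "
                  "Australia's which will be broadcast from a taped live "
                  "performance) contest",
    "minimal": "broadcast (",
    "prose_cast": "The cast (as listed) will reunite for the finale.",
    "sqli_cast": "1 AND 1=CAST((SELECT version()) AS int)--",
    "sqli_cast_spaced": "x' UNION SELECT cast (password AS char) FROM users--",
}

# Assumed stand-in for the vendor rule: a bare substring signature. Any
# "cast" followed by optional whitespace and "(" fires, so "broadcast ("
# is enough, exactly as the thread found.
NAIVE_CAST = re.compile(r"cast\s*\(", re.IGNORECASE)

# Tighter assumed rule: CAST must start a token (\b rules out "broadcast"),
# and the call must carry the "AS <type>" clause that SQL CAST() requires.
# The lazy .*? tolerates nested parentheses, so CAST((subquery) AS int)
# still matches.
STRICT_CAST = re.compile(r"\bcast\s*\(.*?\bas\s+\w+\s*\)", re.IGNORECASE)


def naive_blocks(text):
    """True if the substring signature would block this post body."""
    return NAIVE_CAST.search(text) is not None


def strict_blocks(text):
    """True if the word-boundary + AS-clause signature would block it."""
    return STRICT_CAST.search(text) is not None


def classify(samples):
    """Map sample name -> (naive verdict, strict verdict)."""
    return {name: (naive_blocks(t), strict_blocks(t))
            for name, t in samples.items()}


if __name__ == "__main__":
    for name, (naive, strict) in classify(SAMPLES).items():
        n = "BLOCK" if naive else "pass"
        s = "BLOCK" if strict else "pass"
        print(f"{name:18} naive={n:5} strict={s}")
```

Running it prints a verdict per sample: the Eurovision text and the bare "broadcast (" fragment are blocked only by the naive rule, both injection strings are blocked by both, and the first post's YouTube text (which contains no cast( at all) passes both, consistent with the thread attributing that one to other SQL keywords. The stricter pattern still blocks ordinary prose such as "the cast (as listed)", so tightening a regex reduces but does not remove false positives on natural-language input; the usual WAF-side remedy is a per-rule exclusion or an allowlist for the forum's post-submission path rather than another pattern tweak.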

Administrator, 8,171 posts
There should be some changes coming to help with this moving forward.
 

Premium Member, 18,612 posts
I had an odd event tonight. Tried to make a post with a link to a Youtube video. Two attempts from my iPad resulted in failures. Interesting Securi errors with just "error" and no number or anything else displayed. First try on my iMac worked. I tried the iMac to get info to post a report, much easier to do from a desktop system. So I'm not sure if it was a short term issue or an iPad vs desktop issue.
 