[Marc]

I'm sure this is part of their filtering, but it took me a while to find out that my post was being rejected because I had this text in it: (think "Premiere" in YouTube terms where streaming availability merely starts at a particular time)

This was from this post. Removing the parentheses seemed to allow me to use those words.

I wanted to mention this in case it was worthwhile to pass along to Securi.

 

[kdmorse]

Block ID: SQLi71
Block reason: SQL injection was detected and blocked.

So, something in that text is triggering a pattern match to a known SQL injection. I'll play around with it to see if I can boil it down to a smaller test case, but that's purely out of curiosity. The only real answer is to adjust the post (as you did) so it doesn't trigger that block.

 

[kdmorse]

The above is enough to trigger it. The word broadcast and the opening parenthesis is required to trigger it, so clearly there's a commonly abused broadcast function, that takes parameters in SQL land. I was narrowing it down further when I apparently irritated the firewall and am now sitting out a temp ban.

(At least I hope it's just a temp ban for that IP )

 

[kdmorse]

Appears to be the bare minimum to make it complain.

 

[Marc]

Thanks for figuring that out, @kdmorse!

I also encountered the problem with this text below (changing the brackets to parentheses). There's no "where" inside that phrase, but "broadcast" is clearly a trigger.

The Eurovision Song Contest is ramping up. 39 countries are competing in a live-broadcast [except for Australia's which will be broadcast from a taped live performance] contest that starts with the first of two semi-finals on Tuesday, March 18.

 

[Rob Helmerichs]

Looks like "from" is another SQL term...

 

[kdmorse]

"broadcast" being a trigger has been bugging me - as it's not a sql clause or function. Seeing it pop up again, the lightbulb went on, it's really only triggering on the word cast(. And that makes a lot more sense. casting a subquery to a particular datatype, or just using cast( as obfuscation seems perfectly plausible.

(And yes, select, delete, update, where, and from, are pretty much the backbones of a SQL statement)

 

[Marc]

Ah, yes... CAST() is something with which I have some familiarity.

 

[cwerdna]

Block ID: SQLi71
Block reason: SQL injection was detected and blocked.

I ran into this as well. It's super annoying. No, I'm not trying to do SQL injection attacks.

 

[Mike Lang]

There should be some changes coming to help with this moving forward.

 

[danm628]

I had an odd event tonight. Tried to make a post with a link to a Youtube video. Two attempts from my iPad resulted in failures. Interesting Securi errors with just "error" and no number or anything else displayed. First try on my iMac worked. I tried the iMac to get info to post a report, much easier to do from a desktop system. So I'm not sure if it was a short term issue or an iPad vs desktop issue.