website is vulnerable to SQL injection attacks
By Nubuwat on Tuesday, 24 December 2013
Posted in General Issues
Replies 5
Likes 0
Views 1.1K
Votes 0
I am receiving this error from my website scanner that

"Your website is vulnerable to SQL injection attacks". Can you kindly check it . Thanks
Hello Nubuwat,

I am sorry for the delay of this reply as it is a public holiday for us here. I have checked your site and the problem seems to arise in the "System - JotCache" plugin. After disabling the JotCache plugin, the error is no longer encountered. If you try to access the URL now, https://nubuwat.com/discuss/tags/sahih-al_bukhari.html?type=%27+convert%28varchar,0x7b5d%29+%27 , it doesn't throw any errors any longer after disabling the System - JotCache plugin.

I believe you should send this report to JotCache because looking at their codes, it looks like it's trying to run some SQL query in their system plugin based on the query string.
Mark
·
Wednesday, 25 December 2013 17:59
·
0 Likes
·
0 Votes
·
0 Comments
·
please also find backend information
Nubuwat
·
Tuesday, 24 December 2013 18:37
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Nubuwat,

I have tried to access your site with the injected codes but it does not work as it isn't returning any data from the database. Can you please advise?
Mark
·
Wednesday, 25 December 2013 00:09
·
0 Likes
·
0 Votes
·
0 Comments
·
I received this message

Dear GoDaddy Customer,

Your most recent Website Protection Site Scanner scan identified issues that resulted in a failed scan. In order to keep your Website Protection seal current and visible to customers on your website, you must take action within the next 72 hours to fix the security issues on your website.

Can you please check again. Thanks
Nubuwat
·
Wednesday, 25 December 2013 10:36
·
0 Likes
·
0 Votes
·
0 Comments
·
any updates. they have given me 72 hours and a lot of time has already passed.
Nubuwat
·
Wednesday, 25 December 2013 15:18
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post