FROM CACHE - en_header

Shopify protection from SQL injection attempts?

jordancrawford
New Member
1 0 2

Hey Shopify community,

During my normal monitoring of my store, I noted some strange strings of text in the "some of your visitors can't find what they're looking for" widget over the past few days.

I don't have a lot of programming background, but to me these seem like they could be attempts at SQL injections to my store or some other sort of malicious intrusion attempt:

"0 xor if now sysdate sleep 12 0 xor z"

"if now sysdate sleep 12 0"

"1 waitfor delay 0 0 12"

We haven't noticed anything unusual and I would imagine Shopify has appropriately sanitized the inputs for customer-facing fields, but I wanted to reach out and see if this was something I need to be more concerned about. Thanks in advance to anyone with input on this!

Replies 4 (4)
luc1d
New Member
1 0 0

Hi, which widget is that? Can you share related admin page link with me.

tile_time
Tourist
4 0 3

We're seeing the same thing. 

  • if now sysdate sleep 12 0
  • 0 xor if now sysdate sleep 12 0 xor z
  • 1 waitfor delay 0 0 12
BAutomated
New Member
3 0 0

I was just reading about it on reddit forums by accident. This seems to be probably some weak attack en masse. Shopify engineers for sure secured obvious things like that.

ztevbec
Tourist
3 0 1

Hi Shopify Community!

 

Same thing happened in my store in the search widget. 

It appears like this " búsqueda waitfor delay 0 0 5" 

 

Do you know if this is an attack? Does my customer's data is protected?

 

Thank you for your answer.