FROM CACHE - en_header

Shopify protection from SQL injection attempts?

jordancrawford
New Member
1 0 2
‎12-04-2020 02:30 PM

Shopify protection from SQL injection attempts?

Hey Shopify community,

During my normal monitoring of my store, I noted some strange strings of text in the "some of your visitors can't find what they're looking for" widget over the past few days.

I don't have a lot of programming background, but to me these seem like they could be attempts at SQL injections to my store or some other sort of malicious intrusion attempt:

"0 xor if now sysdate sleep 12 0 xor z"

"if now sysdate sleep 12 0"

"1 waitfor delay 0 0 12"

We haven't noticed anything unusual and I would imagine Shopify has appropriately sanitized the inputs for customer-facing fields, but I wanted to reach out and see if this was something I need to be more concerned about. Thanks in advance to anyone with input on this!

Labels:
1,781 Views
Report
Replies 5 (5)
luc1d
New Member
1 0 0
‎12-05-2020 07:39 AM

Re: Shopify protection from SQL injection attempts?

Hi, which widget is that? Can you share related admin page link with me.

1,755 Views
0 Likes
Report
tile_time
Tourist
4 0 3
‎06-02-2021 04:17 PM

Re: Shopify protection from SQL injection attempts?

We're seeing the same thing. 

  • if now sysdate sleep 12 0
  • 0 xor if now sysdate sleep 12 0 xor z
  • 1 waitfor delay 0 0 12
1,622 Views
0 Likes
Report
BAutomated
New Member
3 0 0
‎11-15-2021 09:59 AM

Re: Shopify protection from SQL injection attempts?

I was just reading about it on reddit forums by accident. This seems to be probably some weak attack en masse. Shopify engineers for sure secured obvious things like that.

1,369 Views
0 Likes
Report
ztevbec
Tourist
3 0 1
‎09-14-2022 03:37 PM

Re: Shopify protection from SQL injection attempts?

Hi Shopify Community!

 

Same thing happened in my store in the search widget. 

It appears like this " búsqueda waitfor delay 0 0 5" 

 

Do you know if this is an attack? Does my customer's data is protected?

 

Thank you for your answer. 

585 Views
0 Likes
Report
ejr
Shopify Partner
9 0 3
‎12-03-2022 11:34 AM

Re: Shopify protection from SQL injection attempts?

Hi 

Did you get an answer about this issue? We are having the same issue, right now.

 

Does anyone know if this should be a concern and/or what we should do about it?

Thanks.

313 Views
0 Likes
Report

Community Blog Articles

shopify-presentation-matthew-herchel-pointing-at-board 1920x1080.jpg
Shopify Community AMA: 2H Media Recap

Thanks to all who participated in our AMA with 2H Media on planning your 2023 marketing bu...

By Jacqui Mar 30, 2023
E23_social share_1200x6751.jpg
Shopify Community AMA: Winter Editions ‘23 Recap

Thanks to all Community members that participated in our inaugural 2 week AMA on the new E...

By Jacqui Mar 10, 2023
shopify-academy-foundations-certification-16-9-v1-size.png
Introducing Shopify Certifications

Upskill and stand out with the new Shopify Foundations Certification program

By SarahF_Shopify Mar 6, 2023
Terms of Service Privacy Policy