@ehuebner opened this Issue on November 4th 2016

One of my Piwik tracked sites is attacked by cross site scripting. With a search term like

it breaks the output of the reporting API.
When I request the search keywords for a month with multiple results by calling:
`module=API&method=Actions.getSiteSearchKeywords&idSite=&period=month&date=2016-10-01,2016-10-31&format=JSON&filter_limit=100000000&token_auth=`

I only get:
```json
{
    "2016-10": [
        {
            "label": "\"><script>_exploit_dom_xss()</script>",
            "nb_visits": 2,
            "nb_hits": 381,
            "sum_time_spent": 1105,
            "exit_nb_visits": 1,
            "nb_pages_per_search": 190.5,
            "avg_time_on_page": 3,
            "bounce_rate": "0%",
            "exit_rate": "50%"
        }
    ]
}
```

Looks like the attack search term breaks the output of the API. Is there some way to prevent and fix that?

@pebosi commented on November 7th 2016 Contributor

The result is valid JSON. Maybe post the complete output and provide more information about your Piwik Installation.

@mattab commented on November 11th 2016 Owner

Yes, it looks like correct JSON, so please re-open if you get invalid output.

@ehuebner commented on November 14th 2016

Yes, the JSON is valid, but the October array has only one entry, while it should have around 100 different search keywords (I can see them in the visitor logs). But because, as mentioned, the script tag label breaks the API output, there is only one element. It seems like the output is stopping after the script tag occurs.

I have 104 sites with the same software installed, and the API call is working perfectly for all of them except for the one site with that script tag in the search keyword.

@pebosi This is the complete output, and it has Piwik 2.16.1 installed.

This Issue was closed on November 11th 2016