riasvdv/statamic-redirect

Malicious request throws 500 error


Illuminate\Database\Eloquent\JsonEncodingException: Unable to encode attribute [data] for model [Rias\StatamicRedirect\Data\Hit] to JSON: Malformed UTF-8 characters, possibly incorrectly encoded.
  File "/public/index.php", line 51
    $response = $kernel->handle(
...
(50 additional frame(s) were not displayed)

Request path: GET https://www.example.com/admin_aspcms/_system/AspCms_SiteSetting.asp?action=saves%E2%80%9D%2C+1%2C+%E2%80%9CrunMode%3D1&siteMode=1&siteHelp=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%D5%BE%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%D8%B1%EF%BF%BD%EF%BF%BD%EF%BF%BD&SwitchComments=1&SwitchCommentsStatus=1&switchFaq=0%3AY%3Drequest%28chr%2835%29%29%3Aexecute%28Y%29&SwitchFaqStatus=0&dirtyStr=&waterMark=1&waterMarkFont=hahahaha&waterMarkLocation=1&smtp_usermail=aspcmstest%40163.com&smtp_user=aspcmstest&smtp_password=%5BFiltered%5D&smtp_server=smtp.163.com&MessageAlertsEmail=13322712%40qq.com&messageReminded=1&orderReminded=1&applyReminded=1&commentReminded=1&LanguageID=1

This is obviously a malicious request, but it might be worth investigating/handling so that such requests don't get logged.

Is it possible to share the full stacktrace of the exception?

No, I only have this logged in Sentry.

This is the stack trace I have from the same error, running on Statamic 5:

production.ERROR: Unable to encode attribute [data] for model [Rias\StatamicRedirect\Data\Hit] to JSON: Malformed UTF-8 characters, possibly incorrectly encoded. {"exception":"[object] (Illuminate\\Database\\Eloquent\\JsonEncodingException(code: 0): Unable to encode attribute [data] for model [Rias\\StatamicRedirect\\Data\\Hit] to JSON: Malformed UTF-8 characters, possibly incorrectly encoded. at vendor/laravel/framework/src/Illuminate/Database/Eloquent/JsonEncodingException.php:47)
[stacktrace]
#0 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php(1307): Illuminate\\Database\\Eloquent\\JsonEncodingException::forAttribute()
#1 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php(1039): Illuminate\\Database\\Eloquent\\Model->castAttributeAsJson()
#2 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(520): Illuminate\\Database\\Eloquent\\Model->setAttribute()
#3 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(614): Illuminate\\Database\\Eloquent\\Model->fill()
#4 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Relations/HasOneOrMany.php(339): Illuminate\\Database\\Eloquent\\Model->newInstance()
#5 vendor/rias/statamic-redirect/src/Data/Error.php(57): Illuminate\\Database\\Eloquent\\Relations\\HasOneOrMany->create()
#6 vendor/rias/statamic-redirect/src/Http/Middleware/HandleNotFound.php(105): Rias\\StatamicRedirect\\Data\\Error->addHit()
#7 vendor/rias/statamic-redirect/src/Http/Middleware/HandleNotFound.php(41): Rias\\StatamicRedirect\\Http\\Middleware\\HandleNotFound->createError()
#8 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Rias\\StatamicRedirect\\Http\\Middleware\\HandleNotFound->handle()
#9 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#10 vendor/laravel/framework/src/Illuminate/Routing/Router.php(805): Illuminate\\Pipeline\\Pipeline->then()
#11 vendor/laravel/framework/src/Illuminate/Routing/Router.php(784): Illuminate\\Routing\\Router->runRouteWithinStack()
#12 vendor/laravel/framework/src/Illuminate/Routing/Router.php(748): Illuminate\\Routing\\Router->runRoute()
#13 vendor/laravel/framework/src/Illuminate/Routing/Router.php(737): Illuminate\\Routing\\Router->dispatchToRoute()
#14 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(200): Illuminate\\Routing\\Router->dispatch()
#15 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#16 vendor/statamic/cms/src/Http/Middleware/StopImpersonating.php(12): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#17 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Statamic\\Http\\Middleware\\StopImpersonating->handle()
#18 vendor/statamic/cms/src/Http/Middleware/DisableFloc.php(17): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#19 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Statamic\\Http\\Middleware\\DisableFloc->handle()
#20 vendor/statamic/cms/src/Http/Middleware/CheckMultisite.php(15): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#21 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Statamic\\Http\\Middleware\\CheckMultisite->handle()
#22 vendor/statamic/cms/src/Http/Middleware/CheckComposerJsonScripts.php(14): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#23 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Statamic\\Http\\Middleware\\CheckComposerJsonScripts->handle()
#24 vendor/statamic/cms/src/Http/Middleware/PoweredByHeader.php(18): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#25 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Statamic\\Http\\Middleware\\PoweredByHeader->handle()
#26 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#27 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#28 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle()
#29 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#30 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(51): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#31 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
#32 vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#33 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\ValidatePostSize->handle()
#34 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(110): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#35 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
#36 vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#37 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\HandleCors->handle()
#38 vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#39 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\TrustProxies->handle()
#40 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#41 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(175): Illuminate\\Pipeline\\Pipeline->then()
#42 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(144): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#43 vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1183): Illuminate\\Foundation\\Http\\Kernel->handle()
#44 public/index.php(17): Illuminate\\Foundation\\Application->handleRequest()
#45 {main}
"}
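The failure in the trace above, reproduced in plain PHP as an added example (not code from statamic-redirect or from anyone in this thread): `json_encode()` rejects a payload containing bytes that are not valid UTF-8, and scrubbing the strings before they reach the JSON cast avoids the exception. The `$hit` array, its field names, the sample bytes and the helper names `encodeStrict` and `scrubUtf8` are assumptions made for illustration; `mb_scrub()` requires the mbstring extension.

```php
<?php
// Added example: plain PHP, no Laravel. Field names and bytes are constructed.

// Constructed hit payload: the query value carries raw GBK-style bytes, which
// are not valid UTF-8 once PHP has percent-decoded the request.
$hit = [
    'url'   => '/admin_aspcms/_system/AspCms_SiteSetting.asp',
    'query' => ['siteHelp' => "\xB1\xBE\xCD\xF8\xD5\xBE", 'siteMode' => '1'],
];

// What a JSON attribute cast does underneath: json_encode() returns false
// when any string in the structure contains invalid UTF-8.
function encodeStrict(array $data): string
{
    $json = json_encode($data);
    if ($json === false) {
        throw new RuntimeException(json_last_error_msg());
    }
    return $json;
}

// Replace invalid byte sequences in every string key and value, recursively,
// so the structure is safe to hand to a JSON cast.
function scrubUtf8(array $data): array
{
    $clean = [];
    foreach ($data as $key => $value) {
        $key = is_string($key) ? mb_scrub($key, 'UTF-8') : $key;
        if (is_array($value)) {
            $clean[$key] = scrubUtf8($value);
        } elseif (is_string($value)) {
            $clean[$key] = mb_scrub($value, 'UTF-8');
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

try {
    encodeStrict($hit);                      // fails like the logged request
} catch (RuntimeException $e) {
    echo 'unscrubbed: ', $e->getMessage(), PHP_EOL;
}

echo 'scrubbed:   ', encodeStrict(scrubUtf8($hit)), PHP_EOL;
```

Where the `json_encode()` call itself is under your control, the `JSON_INVALID_UTF8_SUBSTITUTE` flag gives a similar result without a separate scrubbing pass.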