April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2p-option = (select(0)from(select(sleep(15)))v)/’+(select(0)from(select(sleep(15)))v)+’"+(select(0)from(select(…
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2p-option = 10"XOR(1if(now()=sysdate(),sleep(15),0))XOR"Z
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2p-option = 10’XOR(1if(now()=sysdate(),sleep(15),0))XOR’Z
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_registration = (select(0)from(select(sleep(15)))v)/’+(select(0)from(select(sleep(15)))v)+’"+(select(0)from(select(…
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_registration = xsjyBldb0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_registration = xsjyBldb0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_registration = (select(0)from(select(sleep(15)))v)/’+(select(0)from(select(sleep(15)))v)+’"+(select(0)from(select(…
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_registration = u]H[ww6KrA9F.x-F0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_registration = u]H[ww6KrA9F.x-F0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z
April 9, 2026 2:35am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_registration = (select(0)from(select(sleep(15)))v)/
Below is a sample of these recent attacks: April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = (select(0)from(select(sleep(15)))v)/’+(select(0)from(select(sleep(15)))v)+’"+(select(0)from(select(… April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = testing@example.com0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = testing@example.com0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = (select(0)from(select(sleep(15)))v)/’+(select(0)from(select(sleep(15)))v)+’"+(select(0)from(select(… April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = 941020"XOR(94102if(now()=sysdate(),sleep(15),0))XOR"Z April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = 941020’XOR(94102if(now()=sysdate(),sleep(15),0))XOR’Z April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = (select(0)from(select(sleep(15)))v)/’+(select(0)from(select(sleep(15)))v)+’"+(select(0)from(select(… April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = AF0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = AF0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z April 9, 2026 1:05am 74.208.76.33 (United States) Blocked for SQL Injection in POST body: s2member_pro_stripe_checkout = (select(0)from(select(sleep(15)))v)
SQL Injection attenpts
Thank you, Vincent.
These look like automated SQL injection probes against real s2Member Pro form fields. Based on my review of the current Stripe form handling, I did not find evidence that these specific fields are used in a way that would allow SQL injection. At this point, this appears to be a blocked attack attempt, not a confirmed vulnerability.
But please keep an eye on it, and let me know if you notice any changes. I’ll also review whether any additional hardening makes sense here.
Cristian