Please help us to make AbanteCart Ideal Open Source Ecommerce Solution for everyone.

Support AbanteCart eCommerce

Author Topic: Hacking attempt?  (Read 9268 times)

Offline everchanging

  • Jr. Member
  • **
  • Posts: 94
  • Karma: +9/-0
    • View Profile
    • Ancient Greece Reloaded
Hacking attempt?
« on: April 21, 2018, 01:51:02 PM »
Hi Guys I have a question:

While looking at reports > customers > online and looking at the Url Accessed I see the following:

Code: [Select]
....&currency=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00


Is it me or is this a hacking attempt?
If so, is there reason for concern?
"I know one thing; that I know nothing"

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4363
  • Karma: +301/-10
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Hacking attempt?
« Reply #1 on: April 21, 2018, 02:07:09 PM »
There are many robot computers that run hack attempts based on know vulnerabilities in known applications.
They first try to detect type of application and apply some hack. If it succeeds, they penetrate the system.

Based on what you posted, it is not a problem, but can you share entire request?
Please  rate your experience or leave your review
We need your help to build better free open source ecommerce platform for everyone. See how you can help

Offline everchanging

  • Jr. Member
  • **
  • Posts: 94
  • Karma: +9/-0
    • View Profile
    • Ancient Greece Reloaded
Re: Hacking attempt?
« Reply #2 on: April 21, 2018, 02:41:16 PM »
Hi

the request looks like this:

Code: [Select]
[b].......(folder of abantecart)...[/b]/index.php?rt=product/product&product_id=142&currency=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00


while the previous attempt looked like this:

Code: [Select]
index.php?rt=product/product&product_id=142&currency=../../../../../../../etc/passwd
« Last Edit: April 21, 2018, 02:48:26 PM by everchanging »
"I know one thing; that I know nothing"

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4363
  • Karma: +301/-10
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Hacking attempt?
« Reply #3 on: April 22, 2018, 07:39:17 AM »
These are attempts to grab your password file from the system. It will not happen.
Please  rate your experience or leave your review
We need your help to build better free open source ecommerce platform for everyone. See how you can help

Offline everchanging

  • Jr. Member
  • **
  • Posts: 94
  • Karma: +9/-0
    • View Profile
    • Ancient Greece Reloaded
Re: Hacking attempt?
« Reply #4 on: April 22, 2018, 11:27:04 AM »
OK... good to know  :)

Thank you for your replies and clarifications  :)
"I know one thing; that I know nothing"

 

Powered by SMFPacks Social Login Mod