Shopping Cart Operations > Security

Hacking attempt?

(1/1)

everchanging:
Hi Guys I have a question:

While looking at reports > customers > online and looking at the Url Accessed I see the following:


--- Code: ---....&currency=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00


--- End code ---

Is it me or is this a hacking attempt?
If so, is there reason for concern?

abantecart:
There are many robot computers that run hack attempts based on know vulnerabilities in known applications.
They first try to detect type of application and apply some hack. If it succeeds, they penetrate the system.

Based on what you posted, it is not a problem, but can you share entire request?

everchanging:
Hi

the request looks like this:


--- Code: ---[b].......(folder of abantecart)...[/b]/index.php?rt=product/product&product_id=142&currency=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00


--- End code ---

while the previous attempt looked like this:


--- Code: ---index.php?rt=product/product&product_id=142&currency=../../../../../../../etc/passwd

--- End code ---

abantecart:
These are attempts to grab your password file from the system. It will not happen.

everchanging:
OK... good to know  :)

Thank you for your replies and clarifications  :)

Navigation

[0] Message Index