News:

AbanteCart v1.4.2 is released.

Main Menu
support

Hacking attempt?

Started by everchanging, April 21, 2018, 01:51:02 PM

Previous topic - Next topic

everchanging

Hi Guys I have a question:

While looking at reports > customers > online and looking at the Url Accessed I see the following:


....&currency=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00



Is it me or is this a hacking attempt?
If so, is there reason for concern?

abantecart

There are many robot computers that run hack attempts based on know vulnerabilities in known applications.
They first try to detect type of application and apply some hack. If it succeeds, they penetrate the system.

Based on what you posted, it is not a problem, but can you share entire request?

everchanging

#2
Hi

the request looks like this:


[b].......(folder of abantecart)...[/b]/index.php?rt=product/product&product_id=142&currency=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00



while the previous attempt looked like this:


index.php?rt=product/product&product_id=142&currency=../../../../../../../etc/passwd

abantecart

These are attempts to grab your password file from the system. It will not happen.

everchanging

OK... good to know  :)

Thank you for your replies and clarifications  :)

Forum Rules Code of conduct
AbanteCart.com 2010 -