kadett

XSS attacks

Hello everyone. Need help.

My site is continuously attacked by some sort of XSS attacks.

I've installed the Anti-XSS script (http://addons.oscommerce.com/info/6044 - the "other version"), but the attacks continue though.

The URLs which, as the search engine reports, litter search engines' search results are shown below (one of them):

http://www.xxx.com/index.php?manufacturers=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&manufacturers_id=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E

Any suggestions?

Dmitry


Security Pro secures the querystring and this is a querystring attack.

I think it is worth remembering, however, that I can visit your site with naughty stuff in the querystring and the server may log it ... it doesn't mean it has been successful though.

There are tests you can run (in the Security Pro instructions) where you can see which characters are getting through.

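The reply's point that a logged request is not proof of a successful injection can be checked mechanically. The following is an added example, not part of the original posts and not Security Pro's own test: it decodes the URL from the question and classifies how each suspicious parameter shows up in a returned page. The function names and the three sample response bodies are constructed for illustration.

```python
from html import unescape
from urllib.parse import urlsplit, parse_qsl

# URL from the question, with the poster's placeholder hosts (xxx.com, xxx.ru).
REPORTED_URL = (
    "http://www.xxx.com/index.php"
    "?manufacturers=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E"
    "&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E"
    "&manufacturers_id=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E"
    "&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E"
)

# Constructed response bodies (not captured from any real site).
CONSTRUCTED_PAGES = {
    "unfiltered": '<input value="' + "\"'><a href=http://xxx.ru>xxx.ru</a>" + '">',
    "encoded": '<input value="&quot;&#039;&gt;&lt;a href=http://xxx.ru'
               '&gt;xxx.ru&lt;/a&gt;">',
    "not_echoed": "<h1>Manufacturers</h1>",
}

MARKUP_CHARS = set("\"'<>")  # characters able to close an attribute or open a tag


def suspicious_params(url):
    """Return {name: decoded value} for query parameters carrying markup."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return {name: value for name, value in pairs if MARKUP_CHARS & set(value)}


def reflection_status(url, page_html):
    """Classify how each suspicious parameter value appears in page_html.

    raw     -> echoed unescaped, so the injected markup reached the page
    escaped -> echoed only as HTML entities, so it renders as inert text
    absent  -> not echoed; the request was merely received and logged
    """
    decoded_page = unescape(page_html)
    status = {}
    for name, value in suspicious_params(url).items():
        if value in page_html:
            status[name] = "raw"
        elif value in decoded_page:
            status[name] = "escaped"
        else:
            status[name] = "absent"
    return status


if __name__ == "__main__":
    for label, body in CONSTRUCTED_PAGES.items():
        print(label, reflection_status(REPORTED_URL, body))
```

Only a "raw" result means the characters got through to the output; "escaped" and "absent" correspond to the case the reply describes, where the request was seen but did not succeed.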