Looking through my Actinic website logs I'm getting the following
If I go to the pages referenced there are scary scripts....
etc etc etc
and
Is this right?
Seems to me that the scripts could be used for some form of URL injection attack as looking at them I can see the password validation logic, shopping cart functions, payment processing logic etc etc.
J/.
Code:
xxx.xxx.106.254 - - [27/Feb/2012:19:08:06 +0000] "GET /shop/theme.css HTTP/1.1" 304 176 "http://www.nippergrip.com/shop/catalog.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)"
xxx.xxx.106.254 - - [27/Feb/2012:19:08:06 +0000] "GET /shop/actiniccore.js?DAYNO=MASA HTTP/1.1" 304 153 "http://www.nippergrip.com/shop/catalog.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)"
xxx.xxx.106.254 - - [27/Feb/2012:19:08:06 +0000] "GET /shop/actinicextras.js?DAYNO=MASA HTTP/1.1" 304 153 "http://www.nippergrip.com/shop/catalog.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)"
Code:
var bPageIsLoaded = false;

/***********************************************************************
*
* setCookie - Generic Set Cookie routine
*
* Input: sName   - Name of cookie to create
*        sValue  - Value to assign to the cookie
*        sExpire - Cookie expiry date/time (optional)
*
* Returns: null
*
************************************************************************/

function setCookie(sName, sValue, sExpire)
  {
  var sCookie = sName + "=" + escape(sValue) + "; path=/"; // construct the cookie
  if (sExpire)
    {
    sCookie += "; expires=" + sExpire.toGMTString(); // add expiry date if present
    }
  document.cookie = sCookie; // store the cookie
  return null;
  }
and
Code:
/***********************************************************************
*
* getCartItem - Gets the Actinic Cart Value & No of Items
*
* Input: nIndex - Cart item index to retrieve
*                 1 = TOTAL_VALUE
*                 3 = CART_COUNT
*
* Returns: Requested cart item or 0 (zero) if not found
*
************************************************************************/

//CART_CONTENT = Cookie name
//1 = TOTAL_VALUE
//3 = CART_COUNT

var PASSWORD_MATCH_ERROR = "Passwords do not match.";

function getCartItem(nIndex)
  {
  var act_cart= getCookie("CART_CONTENT")
  var sTemp =(act_cart != null) ? sTemp=act_cart.split("\t"):0;
  return (sTemp.length > 0) ? sTemp[nIndex] : 0;
  }
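The three log entries from the post, parsed as combined log format (an added example, not part of the original post): it reports whether each request is a GET for a static file referred by a page on the same site, the pattern a browser produces when it loads a page's stylesheet and scripts. The function names, the extension list and the site host argument are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Combined log format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
STATIC_EXT = (".css", ".js", ".gif", ".jpg", ".png", ".ico")  # assumed list

# The three entries from the post, rebuilt field by field (client address masked as posted).
UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; "
      ".NET CLR 2.0.50727; InfoPath.2)")
REF = "http://www.nippergrip.com/shop/catalog.html"
FMT = ('xxx.xxx.106.254 - - [27/Feb/2012:19:08:06 +0000] '
       '"GET {} HTTP/1.1" 304 {} "{}" "{}"')
SAMPLE = [
    FMT.format("/shop/theme.css", 176, REF, UA),
    FMT.format("/shop/actiniccore.js?DAYNO=MASA", 153, REF, UA),
    FMT.format("/shop/actinicextras.js?DAYNO=MASA", 153, REF, UA),
]

def triage(line, site_host):
    """Parse one log line; return None if it is not in combined format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    return {
        "method": m["method"],
        "path": url.path,
        "query": url.query,
        "status": int(m["status"]),
        "static_asset": url.path.lower().endswith(STATIC_EXT),
        "same_site_referer": urlsplit(m["referer"]).hostname == site_host,
    }

def is_page_subresource(entry):
    """True for a GET of a static file referred by a page on the same site."""
    return (entry is not None and entry["method"] == "GET"
            and entry["static_asset"] and entry["same_site_referer"])

if __name__ == "__main__":
    for line in SAMPLE:
        e = triage(line, "www.nippergrip.com")
        print(e["status"], e["path"], e["query"] or "-", is_page_subresource(e))
```

Status 304 on all three entries means the client sent a conditional request and the server answered that its cached copy was still current.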