Possible Security Issue with Search Function
 
corradomatt
Sr. Member
 
Total Posts:  161
Joined:  2008-09-01
San Diego, CA
 

After logging into my admin panel this evening I noticed something very strange about the “Last 5 Search Terms”. Each of the following terms had a count of 370-380 in “Number of Uses”:

">'><IfRaME>

<ScRipT%20>alert('test')&#x3B;</ScRipT%20>

">'><IfRaME>

<ScRipT >alert('test');</ScRipT >  (this one had 4 results)

&#x27;&#x3b;&#x23;&#x21;&#x2d;&#x2d;&#x22;&#x3c;&#x3e;&#x3d;&#x5b;&#x5d;&#x3a;&#x7b;&#x28;&#x29;&#x7d;&#x26;

Other than the third search term listed, none of the others had results. I’ve since deleted the search term usage. I am wondering if this is an attempt by a hacker to find a weakness in the system or compromise the site with a SQL injection through the form.

Anyone else have any feedback on this issue?
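
An added example, not part of the original post and not Magento code: a triage script that decodes stored search terms, flags the ones that carry markup or consist only of parser metacharacters, and HTML-escapes them before they are shown. The `(term, uses)` row shape, the function names, the counts and the `min_uses` threshold are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# Tag-like markup, inline event handlers, or javascript: URLs (after decoding).
MARKUP = re.compile(r"<\s*/?\s*[a-z][^>]*>?|\bon\w+\s*=|javascript:", re.I)
# Punctuation that matters to HTML/SQL parsers rather than to shoppers.
META = set("'\"<>;#!=[]{}()&:-")

def normalize(term, rounds=3):
    """Undo stacked URL- and HTML-entity encoding, bounded to a few rounds."""
    for _ in range(rounds):
        decoded = html.unescape(unquote(term))
        if decoded == term:
            break
        term = decoded
    return term

def classify(term):
    """Return 'markup', 'metachar-sweep' or 'ok' for one stored search term."""
    plain = normalize(term)
    if MARKUP.search(plain):
        return "markup"
    stripped = plain.replace(" ", "")
    if len(stripped) >= 8 and all(c in META for c in stripped):
        return "metachar-sweep"
    return "ok"

def triage(rows, min_uses=100):
    """rows: (term, uses) pairs. Returns (escaped_term, verdict, automated)."""
    report = []
    for term, uses in rows:
        verdict = classify(term)
        if verdict != "ok":
            # Escape before display so the report cannot render the markup.
            report.append((html.escape(term), verdict, uses >= min_uses))
    return report

# Terms are those quoted in the post; the counts are constructed.
SAMPLE_ROWS = [
    ("\">'><IfRaME>", 374),
    ("<ScRipT%20>alert('test')&#x3B;</ScRipT%20>", 371),
    ("<ScRipT >alert('test');</ScRipT >", 378),
    ("&#x27;&#x3b;&#x23;&#x21;&#x2d;&#x2d;&#x22;&#x3c;&#x3e;&#x3d;"
     "&#x5b;&#x5d;&#x3a;&#x7b;&#x28;&#x29;&#x7d;&#x26;", 380),
    ("blue shirt", 12),  # constructed benign term
]

if __name__ == "__main__":
    for row in triage(SAMPLE_ROWS):
        print(row)
```
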

 
pakiboyg
Jr. Member
 
Total Posts:  10
Joined:  2010-07-01
 

What does this machine language show here about it?
What is the real issue in it? Explain.
