Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Results 1 to 2 of 2

Thread: Seucrity: SQl injection and Hack attempt

  1. #1
    mohanrh is offline Member
    Join Date
    Jul 2009
    Posts
    78

    Default Seucrity: SQl injection and Hack attempt

    Hi,

    Our website uses ML 64 8.0.1 version. When I look at the IIS logs, I see the following attempts.

    /(F(-jOmA6QRsTB1KgsqvCeRs-43ou6qSDO2ZVDcRGbzuI7WgBn1y_87jRP02bg_yGXl4Maj-kDPYqJ-mHivcPgAG-QXQr7lyHrhO0QLfNvKGSx1Hrw8_Odipjxn83lfvcOpONbpgGRE PdoY7Nuw3Paq2oIBqHEZNF9W2r3BbMfDa10JEav_Ol7Gg-S5qmziivAPaXtSN30oTp9iZMd53rteOWDiHMlHRen1VYhnNVxY nlpqk52e0))/c-1323-luthers-works-reformation-studies.aspx

    /addtocart.aspx?returnurl=showproduct.aspx%3fProduc tID%3d21565%26SEName%3dluthers-works-volume-67-matthew-1-18%26SearchTerm%3dluther's+works%26rct%3dj%26sa%3d U%26ei%3dCb6yUJD4I-qR0AXn8IGQDg%26ved%3d0CF0QFjAdOJAD%26q%3dinurl%3a* secure*%3d21565%26usg%3dAFQjCNF0xPYDiAOBoS0RPatDb1 kk6Egwng

    Any idea what these requests are attempting to execute. I am more worried about the first entry where the user is trying to completely enter some new code in the url.

    Any help is greatly appreciated.

    Regards
    Mohan

  2. #2
    mohanrh is offline Member
    Join Date
    Jul 2009
    Posts
    78

    Default Explanation.

    Finally found some information regarding this issue. Also Aspdotnetstorefont support was very helpful. That is a cookieless Forms Authentication ticket in the URL. Not sure what and how it is caused but have noticed in some selective requests coming to the site.

    http://msdn.microsoft.com/en-us/library/aa479315.aspx

    Mohan