Its Seem Someone Trying To Hack Us

osamamoqbal · September 2, 2018, 12:00am

after error message happen in our database as attach .

i write it in post https://forum.cs-cart.com/topic/53050-database-error/

we install add-on cs-commerce live search

in search history in our backend there many unkhown search history

(

			unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1152" title="Requests: unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\">1</a>
		
			0
		
			en
	
	
		
			
		
			1151
		
			../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1151" title="Requests: ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././windows/win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1150
		
			../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1150" title="Requests: ../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1149
		
			/.\\./.\\./.\\./.\\./.\\./.\\./windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1149" title="Requests: /.\\./.\\./.\\./.\\./.\\./.\\./windows/win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1148
		
			..\..\..\..\..\..\..\..\windows\win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1148" title="Requests: ..\..\..\..\..\..\..\..\windows\win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1147
		
			................windowswin.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1147" title="Requests: ................windowswin.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1146
		
			????????????????????????????????????????????????windows??win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1146" title="Requests: ????????????????????????????????????????????????windows??win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1145
		
			c:/windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1145" title="Requests: c:/windows/win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1144
		
			../../../../../../../../../../windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1144" title="Requests: ../../../../../../../../../../windows/win.ini">2</a>
		
			0
		
			en
	
	
		
			
		
			1143
		
			/\../\../\../\../\../\../\../etc/passwd
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1143" title="Requests: /\../\../\../\../\../\../\../etc/passwd">1</a>
		
			0
		
			en
	
	
		
			
		
			1142
		
			file:///etc/passwd
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1142" title="Requests: file:///etc/passwd">3</a>
		
			0
		
			en
	
	
		
			
		
			1141
		
			..??..??..??..??..??..??..??..??etc/passwd
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1141" title="Requests: ..??..??..??..??..??..??..??..??etc/passwd">1</a>
		
			0
		
			en
	
	
		
			
		
			1140
		
			../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1140" title="Requests: ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd">1</a>
		
			0
		
			en
	
	
		
			
		
			1139
		
			../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd )

all come from on IP its seems in Saudi Arabia .

also after complete order in logs there message >>> converter.cart-services.com/PDF/render <<< it another website render PDF

can any one tell me please what is that its seems we trying to be hacked.

			unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1152" title="Requests: unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\">1</a>
		
			0
		
			en
	
	
		
			
		
			1151
		
			../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1151" title="Requests: ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././windows/win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1150
		
			../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1150" title="Requests: ../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1149
		
			/.\\./.\\./.\\./.\\./.\\./.\\./windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1149" title="Requests: /.\\./.\\./.\\./.\\./.\\./.\\./windows/win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1148
		
			..\..\..\..\..\..\..\..\windows\win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1148" title="Requests: ..\..\..\..\..\..\..\..\windows\win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1147
		
			................windowswin.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1147" title="Requests: ................windowswin.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1146
		
			????????????????????????????????????????????????windows??win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1146" title="Requests: ????????????????????????????????????????????????windows??win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1145
		
			c:/windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1145" title="Requests: c:/windows/win.ini">1</a>
		
			0
		
			en
	
	
		
			
		
			1144
		
			../../../../../../../../../../windows/win.ini
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1144" title="Requests: ../../../../../../../../../../windows/win.ini">2</a>
		
			0
		
			en
	
	
		
			
		
			1143
		
			/\../\../\../\../\../\../\../etc/passwd
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1143" title="Requests: /\../\../\../\../\../\../\../etc/passwd">1</a>
		
			0
		
			en
	
	
		
			
		
			1142
		
			file:///etc/passwd
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1142" title="Requests: file:///etc/passwd">3</a>
		
			0
		
			en
	
	
		
			
		
			1141
		
			..??..??..??..??..??..??..??..??etc/passwd
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1141" title="Requests: ..??..??..??..??..??..??..??..??etc/passwd">1</a>
		
			0
		
			en
	
	
		
			
		
			1140
		
			../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd
		
			<a  class="" href="https://alphastore-kw.com/alphast.php?dispatch=search_history.view&wid=1140" title="Requests: ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd">1</a>
		
			0
		
			en
	
	
		
			
		
			1139
		
			../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd<br>

Capture.PNG

Capture2.PNG

Capture3.PNG

poppedweb · September 2, 2018, 12:00am

after error message happen in our database as attach .

i write it in post https://forum.cs-cart.com/topic/53050-database-error/

we install add-on cs-commerce live search

in search history in our backend there many unkhown search history

(

unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\ 1 0 en 1151 ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././windows/win.ini 1 0 en 1150 ../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini 1 0 en 1149 /.\\./.\\./.\\./.\\./.\\./.\\./windows/win.ini 1 0 en 1148 ..\..\..\..\..\..\..\..\windows\win.ini 1 0 en 1147 ................windowswin.ini 1 0 en 1146 ????????????????????????????????????????????????windows??win.ini 1 0 en 1145 c:/windows/win.ini 1 0 en 1144 ../../../../../../../../../../windows/win.ini 2 0 en 1143 /\../\../\../\../\../\../\../etc/passwd 1 0 en 1142 file:///etc/passwd 3 0 en 1141 ..??..??..??..??..??..??..??..??etc/passwd 1 0 en 1140 ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd 1 0 en 1139 ../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd )
all come from on IP its seems in Saudi Arabia .

also after complete order in logs there message >>> converter.cart-services.com/PDF/render <<< it another website render PDF

can any one tell me please what is that its seems we trying to be hacked.

unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\ 1 0 en 1151 ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././windows/win.ini 1 0 en 1150 ../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini 1 0 en 1149 /.\\./.\\./.\\./.\\./.\\./.\\./windows/win.ini 1 0 en 1148 ..\..\..\..\..\..\..\..\windows\win.ini 1 0 en 1147 ................windowswin.ini 1 0 en 1146 ????????????????????????????????????????????????windows??win.ini 1 0 en 1145 c:/windows/win.ini 1 0 en 1144 ../../../../../../../../../../windows/win.ini 2 0 en 1143 /\../\../\../\../\../\../\../etc/passwd 1 0 en 1142 file:///etc/passwd 3 0 en 1141 ..??..??..??..??..??..??..??..??etc/passwd 1 0 en 1140 ../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd 1 0 en 1139 ../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd

Hello,

Please remove this post and rename your admin script since everyone can view it a.t.m.

Regarding the SQL errors, this most likely is the result of the developer not using the provided database formatting tools. Please contact them and inform them about this issue.

If you need anything else, feel free to contact us at info@poppedweb.com

Kind regards,

tbirnseth · September 2, 2018, 12:00am

also note that cart-services.com is is the Simtech site used by cs-cart for rendering HTML -> pdf so if your invoices are pdf, that site will be used to convert them from html to pdf.

osamamoqbal · September 3, 2018, 12:00am

Hello,

Please remove this post and rename your admin script since everyone can view it a.t.m.

Regarding the SQL errors, this most likely is the result of the developer not using the provided database formatting tools. Please contact them and inform them about this issue.

If you need anything else, feel free to contact us at info@poppedweb.com

Kind regards,

so the problem from live search add-on . i will contact the cs-commerce to inform them to find solution about that.

can you explain please how i can change the post name to your request .

osamamoqbal · September 3, 2018, 12:00am

also note that cart-services.com is is the Simtech site used by cs-cart for rendering HTML -> pdf so if your invoices are pdf, that site will be used to convert them from html to pdf.

thank you EZ , i found that in app\tygh\pdf

also thank you all for your help