Results 1 to 5 of 5
  1. #1
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    UK
    Posts
    539
    we have had someone typing urls in like this

    http://****.com/index.php?cPath=http://123.456.567.890
    using ip addresses, does anyone know what they are trying to do???
    they tried it a few times and then disappeared, but I am a bit worried that it was a test of some kind.

    any ideas, I would be grateful,

    *** And people say I'm just a housewife!!! ha ha ***

  2. #2
    Just Lurking
    Join Date
    January 18th, 2005
    Posts
    1,263
    The only exploits I can find using cPath are for osCommerce.

    ------------------------------
    "A man is but the product of his thoughts. What he thinks, he becomes." -- Mahatma Gandhi

  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    UK
    Posts
    539
    yes, we are using oscommerce!!
    I did not want to give the proper url for obvious reasons! so the domain is *** out.

    I am wondering why someone is typing ip addresses at the end of our url??? is it someone hacking?? they did it quite a few times, which is a bit wierd.

    *** And people say I'm just a housewife!!! ha ha ***

  4. #4
    Full Member
    Join Date
    January 18th, 2005
    Posts
    347
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by Tamalyn:
    yes, we are using oscommerce!!
    I did not want to give the proper url for obvious reasons! so the domain is *** out.

    I am wondering why someone is typing ip addresses at the end of our url??? is it someone hacking?? they did it quite a few times, which is a bit wierd.

    *** And people say I'm just a housewife!!! ha ha ***<HR></BLOCKQUOTE>
    I'm using it too.
    Here's some info I could find at once. I'll dig deeper and see if there's a solution.
    http://www.securitytracker.com/alert...r/1006445.html

  5. #5
    Full Member
    Join Date
    January 18th, 2005
    Posts
    347
    There is a login hack to fix the exploit in that link. You just have to set up a login for admin, as far as I can see.

    I have the latest version, loaded with SEC 2.2 and Webmakers addon, with forced login built in. I'm safe!

  6. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Where to go when Hacked?
    By liter in forum Business & Legal Issues
    Replies: 5
    Last Post: May 9th, 2011, 02:20 AM
  2. I've Been Hacked!
    By Cheesehead in forum Midnight Cafe'
    Replies: 8
    Last Post: January 16th, 2005, 07:05 AM
  3. Ever been hacked?
    By sloth in forum Midnight Cafe'
    Replies: 7
    Last Post: August 11th, 2004, 02:34 AM
  4. I was Hacked
    By dete99 in forum Midnight Cafe'
    Replies: 14
    Last Post: August 22nd, 2002, 10:58 PM
  5. I was hacked
    By flowerpower in forum Midnight Cafe'
    Replies: 3
    Last Post: April 30th, 2002, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •