Shopping Cart Software Forum for Ecommerce Templates

Interesting order attempt

ekrzycki
Advanced Member

USA
351 Posts


Posted - 04/17/2019 :  19:40:12  
OK -- I had my website checkout disabled this week for some time off. Yet somebody managed to get an order into the system...sort of. They tried to buy a bunch of random stuff for about $5500 plus had free shipping to Chicago (somehow). Of course, the transaction is invalid and the order status is "unauthorized".

To disable the checkout function this week: within my includes file, I have minpurchaseamount=9999999. They shouldn't have been able to get through to any checkout so how did they do this?

And -- looking at info within admin orders, all looks hand typed (although the address "3" doesn't exactly match up). BUT within a zip code in billing details there is an IP address (Chicago). And within the zip code in shipping address is some sql junk: "'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_H"

And blockmultipurchase is set at 10 for checkout attempts yet they somehow managed to attempt to checkout 160 times. 149.28.53.1 in NJ, probably not their real IP address.

And user email is entered at netsparker@example.com
--netsparker--

So is this some sort of SQL injection attempt? And should I be concerned?
Website is somewhat up to date at 7.0.2 and hosted by servelink.

dbdave
ECT Moderator

USA
10242 Posts

Posted - 04/17/2019 :  20:30:29  
Netsparker is a well known bot - you can google it.
It comes - it tries to wreak havoc and then moves on.
I can't tell you how it got that far, but it is very persistent that's for sure.

If the website is up to date and you are with servelink, you should be pretty safe.

Andy may be able to offer some additional info, but I have had this exact bot attack my site several times, with no harm, other than a few nuisance orders like you see, and lots of server errors, and server load I am sure.

Andy
ECT Moderator

95440 Posts

Posted - 04/18/2019 :  00:03:26  
Hi

Yes, I'd say that is well summed up by dbdave. It is a bot and no need to be unduly concerned.

Andy

Please feel free to review / rate our software

ekrzycki
Advanced Member

USA
351 Posts


Posted - 04/19/2019 :  20:46:42  
The thing that got to me is the fact that the website checkout function was disabled yet they somehow managed to get to checkout phase. To me it seems like a partial success in being able to break in with SQL injection.

Ed

dbdave
ECT Moderator

USA
10242 Posts

Posted - 04/19/2019 :  20:57:31  
No, it's just a matter of this thing having figured out how to post data to forms directly. The checkout process is an elaborate form, the bot will read the source of the page and it's smart enough to see where data is being posted and attempts to bypass steps of adding to cart and checkout steps.
I saw a bot add 30 - 40 line items to a cart and attempt checkout in a matter of seconds.
I would cancel that order and within a few seconds another cart appeared with many line items in it. This happened over and over until I blocked the IP in my hosting account.
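As an added defender-side example (not code from ECT or from anyone in this thread), here is a small audit over stored order records that flags the signatures described above: an IP address or SQL fragments where a postal code belongs, the scanner's e-mail marker, and more checkout attempts from one IP than the blockmultipurchase limit of 10 allows. The record field names and the sample orders are assumptions constructed for the example.

```python
import re
from collections import Counter

# Strict US ZIP shape (12345 or 12345-6789): reject anything else server-side
# instead of storing it verbatim, as happened in the order above.
ZIP_RE = re.compile(r"^\d{5}(-\d{4})?$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Fragments seen in the thread's payload plus the generic quote/concat pair.
SQLI_HINT_RE = re.compile(r"'|\|\||\bselect\b|UTL_INADDR|CTXSYS", re.I)
SCANNER_MARKERS = ("netsparker",)          # scanner's default e-mail string
MAX_ATTEMPTS_PER_IP = 10                   # mirrors blockmultipurchase=10

def flag_order(order):
    """Reasons a single stored order record looks like scanner traffic."""
    reasons = []
    for field in ("billing_zip", "shipping_zip"):
        value = order.get(field, "")
        if IPV4_RE.match(value):
            reasons.append(f"{field}: IP address where a postal code belongs")
        elif SQLI_HINT_RE.search(value):
            reasons.append(f"{field}: SQL metacharacters in postal code")
        elif not ZIP_RE.match(value):
            reasons.append(f"{field}: malformed postal code")
    if any(m in order.get("email", "").lower() for m in SCANNER_MARKERS):
        reasons.append("email: known scanner marker")
    return reasons

def audit(orders):
    """Map order id -> reasons for a batch, adding a per-IP attempt count."""
    per_ip = Counter(o["ip"] for o in orders)
    findings = {}
    for o in orders:
        reasons = flag_order(o)
        if per_ip[o["ip"]] > MAX_ATTEMPTS_PER_IP:
            reasons.append(f"ip: {per_ip[o['ip']]} attempts from {o['ip']}")
        if reasons:
            findings[o["id"]] = reasons
    return findings

# Constructed sample: one normal order plus a burst resembling the thread's.
SAMPLE_ORDERS = [
    {"id": "1001", "ip": "203.0.113.7", "email": "jane@example.net",
     "billing_zip": "60601", "shipping_zip": "60601-1234"},
] + [
    {"id": f"2{i:03d}", "ip": "149.28.53.1", "email": "netsparker@example.com",
     "billing_zip": "149.28.53.1",
     "shipping_zip": "'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_H"}
    for i in range(12)
]
```

Run `audit(SAMPLE_ORDERS)` to see the twelve bot records flagged on all four counts while the normal order passes; the same checks belong in the server-side form handler, since the bot never loads the pages that enforce minpurchaseamount.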
Shopping Cart Software Forum for Ecommerce Templates © 2002-2022 ecommercetemplates.com