Cross Sit Scripting

Discussion in 'Questions & Suggestions for CFnet Staff' started by turnorburn, Mar 17, 2016.

  1. turnorburn

    turnorburn Member

    Joined:
    Nov 21, 2007
    Messages:
    8,640
    Location:
    In His Service
  2. Nick

    Nick Staff Member Moderator

    Joined:
    Feb 27, 2009
    Messages:
    14,179
    Location:
    Sydney
    Thanks. Will look into it. Any other details you can provide would be helpful.
     
  3. turnorburn

    turnorburn Member

    Joined:
    Nov 21, 2007
    Messages:
    8,640
    Location:
    In His Service
    Got this...

    [NoScript InjectionChecker] JavaScript Injection in ///se/0/_/ 1/fastbutton?usegapi=1&count=true&size=medium&hl=en-US&origin=http://christianforums.net&url=http...christianforums.net&pfname=&rpctoken=36151825
    (function anonymous() {
    _methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload /* COMMENT_TERMINATOR */
    DUMMY_EXPR
    })

    [NoScript XSS] Sanitized suspicious request. Original URL [https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&count=true&size=medium&hl=en-US&origin=http://christianforums.net&url=http://christianforums.net/Fellowship/index.php?threads/cross-sit-scripting.63761/&gsrc=3p&ic=1&jsh=m;/_/scs/apps-static/_/js/k=oz.gapi.fr.QFw-iDc8xks.O/m=__features__/am=AQ/rt=j/d=1/rs=AGLTcCMEbtw1-ISYb9cBV1SUi4RVwI_mMw#_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload&id=I0_1458323724082&parent=http://christianforums.net&pfname=&rpctoken=36151825] requested from [http://christianforums.net/Fellowship/index.php?threads/cross-sit-scripting.63761/]. Sanitized URL: [https://apis.google.com/#0867549505455284982].

    [NoScript InjectionChecker] JavaScript Injection in ///se/0/_/ 1/fastbutton?usegapi=1&count=true&size=medium&hl=en-US&origin=http://christianforums.net&url=http...christianforums.net&pfname=&rpctoken=18528338
    (function anonymous() {
    _methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload /* COMMENT_TERMINATOR */
    DUMMY_EXPR
    })
    [NoScript XSS] Sanitized suspicious request. Original URL [https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&count=true&size=medium&hl=en-US&origin=http://christianforums.net&url=http://christianforums.net/Fellowship/index.php?threads/cross-sit-scripting.63761/&gsrc=3p&ic=1&jsh=m;/_/scs/apps-static/_/js/k=oz.gapi.fr.QFw-iDc8xks.O/m=__features__/am=EQ/rt=j/d=1/rs=AGLTcCMUODXGorzW_nKFaJ0kUB9E7Bjq6g#_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload&id=I0_1458323794522&parent=http://christianforums.net&pfname=&rpctoken=18528338] requested from [http://christianforums.net/Fellowship/index.php?threads/cross-sit-scripting.63761/]. Sanitized URL: [https://apis.google.com/#9626737645044312847].

    From the console.. It doesn't do it until i click on a forum topic
     
  4. Nick

    Nick Staff Member Moderator

    Joined:
    Feb 27, 2009
    Messages:
    14,179
    Location:
    Sydney
    Thanks.
     
  5. turnorburn

    turnorburn Member

    Joined:
    Nov 21, 2007
    Messages:
    8,640
    Location:
    In His Service
  6. turnorburn

    turnorburn Member

    Joined:
    Nov 21, 2007
    Messages:
    8,640
    Location:
    In His Service
    If your just viewing the forum no alert but the instant you click on a forum to view it the alert pops up.. :chin
     
  7. turnorburn

    turnorburn Member

    Joined:
    Nov 21, 2007
    Messages:
    8,640
    Location:
    In His Service
  8. turnorburn

    turnorburn Member

    Joined:
    Nov 21, 2007
    Messages:
    8,640
    Location:
    In His Service
    Whatever you did Eora its fixed..:thumb
     
  9. Nick

    Nick Staff Member Moderator

    Joined:
    Feb 27, 2009
    Messages:
    14,179
    Location:
    Sydney
    Hmmm. I actually did nothing. Was going to take a look and then you posted.

    Let me know if it happens again and if it does I'll take a proper look.
     

Share This Page