Why is my Rails app receiving requests with jQuery code in the URL?

Posted on 2024-11-27 10:54:50 | 1137 characters | 0 views | 0 comments


Our production Rails 2.3.5 app, running on Heroku, is receiving bizarre requests that include snippets of JavaScript in the URL. We have error reporting set up with Hoptoad/Airbrake on Heroku, where I'm seeing requests like the following:

http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/;if(c.css(this[a],
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/);f=e.css(
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/,c.css(this[a],
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/).css(

These are RESTful routes, with widgets nested under publishers. The strings following widgets/ are found in the minified jQuery 1.4.2 source, which we have in public/javascripts. Each request results in an ActionView::MissingTemplate error, with everything between widgets/ and .css being interpreted as the desired action, e.g.:

ActionView::MissingTemplate: Missing template widgets/;if(c.erb in view path app/views

It seems to be the same four snippets, in the same order, occurring as a set every 1-5 minutes and taking 1-2 minutes from start to finish. The publisher ID varies over time.

These errors have been logged over 60,000 times now. Does anyone have similar experience or an idea what's happening?
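As an added example (not code from the original post or from Rails itself), here is a small Rack-compatible middleware that answers these junk requests with a plain 404 before Rails tries to resolve the action, so they stop surfacing as ActionView::MissingTemplate exceptions in Airbrake. It assumes the route shape shown in the post (/publishers/:id/widgets/:action) and treats the JavaScript fragments quoted above as markers for tagging the log line; the class and constant names are my own.

```ruby
require "stringio"

# Rejects malformed action segments on the nested widgets route. Rails action
# names are lower-case identifiers, so any other value on this route cannot
# match a real template and can safely be answered with 404 up front.
class WidgetActionFilter
  ROUTE       = %r{\A/publishers/\d+/widgets/(?<action>[^/]*)/?\z}
  SAFE_ACTION = /\A[a-z_][a-z0-9_]*\z/
  # Fragments of minified jQuery seen in the post's requests; used only to tag
  # the log line so these hits can be counted separately from ordinary 404s.
  JS_MARKERS  = [";if(", ".css(", "this[a]"].freeze

  def initialize(app, logger: $stderr)
    @app = app
    @logger = logger
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    if (m = ROUTE.match(path)) && !m[:action].empty? && m[:action] !~ SAFE_ACTION
      @logger.puts "junk-action path=#{path.inspect} " \
                   "js_fragment=#{self.class.js_fragment?(path)}"
      return [404, { "Content-Type" => "text/plain" }, ["Not Found"]]
    end
    @app.call(env)
  end

  # True when the path carries one of the JavaScript fragments from the post.
  def self.js_fragment?(path)
    JS_MARKERS.any? { |marker| path.include?(marker) }
  end
end

# Constructed stand-in for the Rails app: echoes the path it was asked for.
INNER_APP = ->(env) { [200, { "Content-Type" => "text/plain" }, [env["PATH_INFO"]]] }
FILTER    = WidgetActionFilter.new(INNER_APP, logger: StringIO.new)

# Returns the HTTP status the filtered stack produces for a given path.
def status_for(path)
  FILTER.call("PATH_INFO" => path, "REQUEST_METHOD" => "GET").first
end
```

In a Rails 2.3 app the class would be wired in with config.middleware.use in config/environment.rb; the tagged log lines give a count of the scraper's hits without each one becoming an exception report.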


Comments (1)

温凉少女, 2024-12-04 10:54:50


Is this site public? Someone might be trying to find XSS exploits
