View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - Try to Hack detected when changing validated due date in milestone - ProjeQtOr
 

Try to Hack detected when changing validated due date in milestone

More
27 Oct 2024 14:07 - 27 Oct 2024 14:08 #1 by karl.binet
Hello,

V11.4.1

As soon as a user tries to change the validated due date in a milestone and hit SAVE, the projeqtor logo never stops spinning and after about 20 seconds i'm gettings disconnected (lost connection).

and i have this in the logs

Can you have a look please.

2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] Try to hack detected
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] Source Code = Invalid dateTime format for 'Fri Feb 09 2024 00:00:00 GMT-0500 (heure normale de l’Est nord-américain)' : only 5 to 19 characters length possible
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] QUERY_STRING = csrfToken=&destinationWidth=50&destinationHeight=0&isIE=&xhrPostDestination=resultDivMain&xhrPostIsResultMessage=true&xhrPostValidationType=&xhrPostTimestamp=1730032424405&csrfToken=
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] REMOTE_ADDR = 10.1.120.51
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] SCRIPT_FILENAME = /var/www/html/tool/saveObject.php
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] CONNECTED USER = #27 - karl.binet
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] === Trace Stack for last error ===
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/tool/projeqtor.php at line 1698 calling debugPrintTraceStack()
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/model/Security.php at line 106 calling traceHack()
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/model/persistence/SqlElement.php at line 3495 calling Security:checkValidDateTime()
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/model/persistence/SqlElement.php at line 3426 calling SqlElement:fillSqlElementFromRequest()
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/model/persistence/SqlElement.php at line 3000 calling SqlElement:fillSqlElementFromRequest()
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/tool/saveObject.php at line 70 calling SqlElement:fillFromRequest()
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] ===
2024-10-27 08:33:44.595 ***** ERROR ***** [V11.4.1] [27] REQUEST_URI = /tool/saveObject.php?csrfToken=&destinationWidth=50&destinationHeight=0&isIE=&xhrPostDestination=resultDivMain&xhrPostIsResultMessage=true&xhrPostValidationType=&xhrPostTimestamp=1730032424405&csrfToken=
2024-10-27 08:33:44.820 ===== TRACE ===== API : mode=GET user=svc_reader, id=525, profile=17
2024-10-27 08:34:29.933 ===== TRACE ===== API : mode=GET user=svc_reader, id=525, profile=17
2024-10-27 08:35:11.904 ===== TRACE ===== [27] NEW CONNECTED USER 'karl.binet'
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] HACK ================================================================
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] Try to hack detected
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] Source Code = Invalid dateTime format for 'Fri Feb 09 2024 00:00:00 GMT-0500 (heure normale de l’Est nord-américain)' : only 5 to 19 characters length possible
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] QUERY_STRING = csrfToken=&destinationWidth=50&destinationHeight=0&isIE=&xhrPostDestination=resultDivMain&xhrPostIsResultMessage=true&xhrPostValidationType=&xhrPostTimestamp=1730032545536&csrfToken=
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] REMOTE_ADDR = 10.1.120.51
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] SCRIPT_FILENAME = /var/www/html/tool/saveObject.php
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] CONNECTED USER = #27 - karl.binet
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] === Trace Stack for last error ===
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/tool/projeqtor.php at line 1698 calling debugPrintTraceStack()
2024-10-27 08:35:45.728 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/model/Security.php at line 106 calling traceHack()
2024-10-27 08:35:45.729 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/model/persistence/SqlElement.php at line 3495 calling Security:checkValidDateTime()
2024-10-27 08:35:45.729 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/model/persistence/SqlElement.php at line 3426 calling SqlElement:fillSqlElementFromRequest()
2024-10-27 08:35:45.729 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/model/persistence/SqlElement.php at line 3000 calling SqlElement:fillSqlElementFromRequest()
2024-10-27 08:35:45.729 ***** ERROR ***** [V11.4.1] [27] => /var/www/html/tool/saveObject.php at line 70 calling SqlElement:fillFromRequest()
2024-10-27 08:35:45.729 ***** ERROR ***** [V11.4.1] [27] ===
2024-10-27 08:35:45.729 ***** ERROR ***** [V11.4.1] [27] REQUEST_URI = /tool/saveObject.php?csrfToken=&destinationWidth=50&destinationHeight=0&isIE=&xhrPostDestination=resultDivMain&xhrPostIsResultMessage=true&xhrPostValidationType=&xhrPostTimestamp=1730032545536&csrfToken=
Last edit: 27 Oct 2024 14:08 by karl.binet.

Please Log in or Create an account to join the conversation.

More
28 Oct 2024 00:25 #2 by babynus
Hi,

This issue is fixed.
Fix is available through subscription service.
Will be available on next version.

Babynus
Administrator of ProjeQtOr web site

Please Log in or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.034 seconds

Cookies settings

×

Functional Cookies

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Please login to see yours activities!

Other cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.