View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - [SOLVED] Try to hack detacted! - ProjeQtOr
 

[SOLVED] Try to hack detacted!

More
08 Oct 2025 14:56 #1 by chandrashekhar
Hi,

I am experiencing the strange that I am logging as an admin in just fresh installation of Projeqtor, I have just made all modules disabled else ticketing. and trying to work on different access forms, but strangely, the system is throwing me out! Could you please assist me with this? Please refer to the below log I checked. 

2025-10-08 18:16:55.608 ===== TRACE ===== [1] NEW CONNECTED USER 'admin'
2025-10-08 18:17:38.519 ***** ERROR ***** [V12.2.2] [1] HACK ================================================================
2025-10-08 18:17:38.520 ***** ERROR ***** [V12.2.2] [1] Try to hack detected
2025-10-08 18:17:38.520 ***** ERROR ***** [V12.2.2] [1]  Source Code = Cross-site scripting detected calling /projeqtor_tech/tool/checkAlertToDisplay.php
2025-10-08 18:17:38.521 ***** ERROR ***** [V12.2.2] [1]  QUERY_STRING = csrfToken=7b8f7e779a644e73f746a8d85868ae24ab1fcfd25ddf4b0c5615eac1059cc987944b08&directAccessIndex=
2025-10-08 18:17:38.522 ***** ERROR ***** [V12.2.2] [1]  REMOTE_ADDR = xxx.xxx.xx.x
2025-10-08 18:17:38.522 ***** ERROR ***** [V12.2.2] [1]  SCRIPT_FILENAME = C:/Apache24/htdocs/projeqtor_tech/tool/checkAlertToDisplay.php
2025-10-08 18:17:38.522 ***** ERROR ***** [V12.2.2] [1]  CONNECTED USER = #1 - admin
2025-10-08 18:17:38.524 ***** ERROR ***** [V12.2.2] [1]     Last connection = 2025-10-08 18:13:18
2025-10-08 18:17:38.524 ***** ERROR ***** [V12.2.2] [1]         Last access = 2025-10-08 18:16:55
2025-10-08 18:17:38.525 ***** ERROR ***** [V12.2.2] [1]       Disconnection = 
2025-10-08 18:17:38.525 ***** ERROR ***** [V12.2.2] [1]  === Trace Stack for last error ===
2025-10-08 18:17:38.526 ***** ERROR ***** [V12.2.2] [1]  => C:\Apache24\htdocs\projeqtor_tech\tool\projeqtor.php at line 1734 calling debugPrintTraceStack()
2025-10-08 18:17:38.526 ***** ERROR ***** [V12.2.2] [1]  => C:\Apache24\htdocs\projeqtor_tech\tool\projeqtor.php at line 252 calling traceHack()
2025-10-08 18:17:38.526 ***** ERROR ***** [V12.2.2] [1]  => C:\Apache24\htdocs\projeqtor_tech\tool\checkAlertToDisplay.php at line 29 calling require_once()
2025-10-08 18:17:38.527 ***** ERROR ***** [V12.2.2] [1]  ===
2025-10-08 18:17:38.527 ***** ERROR ***** [V12.2.2] [1]  REQUEST_URI = /projeqtor_tech/tool/checkAlertToDisplay.php?csrfToken=7b8f7e779a644e73f746a8d85868ae24ab1fcfd25ddf4b0c5615eac1059cc987944b08&directAccessIndex=
2025-10-08 18:18:28.137 ===== TRACE ===== [1] NEW CONNECTED USER 'admin'

Please Log in or Create an account to join the conversation.

More
08 Oct 2025 23:39 #2 by babynus
Replied by babynus on topic Try to hack detacted!
The CSRF token is incorrect.
Possibly you have browser cache issue or session issue.

Clean browser cache and close browser. 
 

Babynus
Administrator of ProjeQtOr web site
The following user(s) said Thank You: chandrashekhar

Please Log in or Create an account to join the conversation.

More
09 Oct 2025 11:34 #3 by chandrashekhar
Hi,

It was observed that when we use same browser(in my case microsoft edge) and opening two different projeqtor urls (http://192.168.1.23/projeqtor and http://192.168.1.23/projeqtor_tech) in two different tabs, try to hack detection message logging in log file and system throwing me out! FYI.

Please Log in or Create an account to join the conversation.

More
09 Oct 2025 11:42 #4 by babynus
Replied by babynus on topic Try to hack detacted!
Yes, and it is normal to avoid session mix.
In your case you have 2 instances on save server, that you acces with same domain.
The browser will manage only 1 PHP session, so you will have a session mix between your session.
This is borbidden ad the try to hack os a security feature that disconnects you.

If you have several instances on same server and you want to open then simultaneously on same browser, you need to use virtualhosts

Babynus
Administrator of ProjeQtOr web site
The following user(s) said Thank You: chandrashekhar

Please Log in or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.180 seconds

Cookies settings

×

Functional Cookies

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Please login to see yours activities!

Other cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.