Hi everybody,

In the normal admin console I got some weird error urls, like "/var/
jquery/).replac". They almost look like script injections for links
(so that if a link to the requested url would be created in the admin
console, clicking it would open up my account or something cool like
that).

Appended to the end of this message is the source of the table showing
the urls. Following the links will send me to the admin log where the
filter it selects is not a valid regular expression and fails to show
up. So that is probably a bug.

I think the url escaping does not properly protect against regular
expression syntax, while the log viewer expects it to. That is just a
bug report, but I wanted to start a thread so I could ask whether the
links could be attack attempts? (Failed attempts to insert javascript
into the admin console or something weird like that, even though I
don't think it is currently possible without the "javascript:" prefix
in there :) ).

Greets,
  Bram

=====HTML source from my admin console

<table id="ae-dash-errors" class="ae-table ae-table-striped">
<caption>
<strong>
Errors <a href="http://code.google.com/appengine/kb/
general.html#erroruris" target="_blank"><img class="ae-help-icon"
src="/img/help.gif" alt="help" height="14" width="14"></a>
</strong>
</caption>
<colgroup>
<col>
<col id="ae-dash-errors-count-col">
<col id="ae-dash-errors-percent-col">
</colgroup>
<thead>
<tr>
<th scope="col">URI<span>&nbsp;</span></th>
<th scope="col" title="Total Number of Errors">Count<span>&nbsp;</
span></th>

<th scope="col" title="Percentage of Requests for this URI which
Resulted in Errors">
% Errors
<span>
last 10 hrs
</span>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<div class="ae-nowrap" title="/var/jquery/">
<a href="/logs?
include_req_logs=True&amp;severity_level=&amp;app_id=metamirrors&amp;version_id=1.336318870400245231&amp;logs_form=1&amp;filter=path
%3A%22%2Fvar%2Fjquery%2F%22+status%3A%5B45%5D%5Cd
%5Cd&amp;filter_type=labels&amp;view=View">/var/jquery/</a>
</div>
</td>
<td>

4
</td>
<td>
100%
</td>
</tr>
<tr class="ae-even">
<td>
<div class="ae-nowrap" title="/var/jquery/text/javascript">
<a href="/logs?
include_req_logs=True&amp;severity_level=&amp;app_id=metamirrors&amp;version_id=1.336318870400245231&amp;logs_form=1&amp;filter=path
%3A%22%2Fvar%2Fjquery%2Ftext%2Fjavascript%22+status%3A%5B45%5D%5Cd
%5Cd&amp;filter_type=labels&amp;view=View">/var/jquery/text/
javascript</a>
</div>
</td>
<td>
1
</td>
<td>

100%
</td>
</tr>
<tr>
<td>
<div class="ae-nowrap" title="/text/javascript">
<a href="/logs?
include_req_logs=True&amp;severity_level=&amp;app_id=metamirrors&amp;version_id=1.336318870400245231&amp;logs_form=1&amp;filter=path
%3A%22%2Ftext%2Fjavascript%22+status%3A%5B45%5D%5Cd
%5Cd&amp;filter_type=labels&amp;view=View">/text/javascript</a>
</div>
</td>
<td>
1
</td>
<td>
100%
</td>
</tr>

<tr class="ae-even">
<td>
<div class="ae-nowrap" title="/var/jquery/).replace(/%20/g,">
<a href="/logs?
include_req_logs=True&amp;severity_level=&amp;app_id=metamirrors&amp;version_id=1.336318870400245231&amp;logs_form=1&amp;filter=path
%3A%22%2Fvar%2Fjquery%2F%29.replace%28%2F%2520%2Fg%2C%22+status%3A
%5B45%5D%5Cd%5Cd&amp;filter_type=labels&amp;view=View">/var/
jquery/).replace(/%20/g,</a>
</div>
</td>
<td>
1
</td>
<td>
</td>
</tr>
<tr>
<td>
<div class="ae-nowrap" title="/).replace(/%20/g,">
<a href="/logs?
include_req_logs=True&amp;severity_level=&amp;app_id=metamirrors&amp;version_id=1.336318870400245231&amp;logs_form=1&amp;filter=path
%3A%22%2F%29.replace%28%2F%2520%2Fg%2C%22+status%3A%5B45%5D%5Cd
%5Cd&amp;filter_type=labels&amp;view=View">/).replace(/%20/g,</a>

</div>
</td>
<td>
1
</td>
<td>
</td>
</tr>
</tbody>
</table>
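As an added illustration (not code from the original post or from App Engine itself), here is a Python sketch of the bug described above: the dashboard percent-encodes the filter for the link's query string, but the log viewer then compiles the quoted path as a regular expression, so a path containing regex metacharacters produces a filter that fails to compile. The link builder, the field layout and the use of re.escape() as the fix are assumptions; the PAGE_FILTER_QUERY constant is copied from the fourth href in the pasted table.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed from the page: the 'filter' query parameter of the fourth
# href in the dashboard table (the "/var/jquery/).replace(/%20/g," row).
PAGE_FILTER_QUERY = (
    "filter=path%3A%22%2Fvar%2Fjquery%2F%29.replace%28%2F%2520%2Fg%2C%22"
    "+status%3A%5B45%5D%5Cd%5Cd&filter_type=labels"
)

STATUS_CLAUSE = r"status:[45]\d\d"  # the dashboard's own "errors" clause


def build_filter(uri, escape_regex=False):
    """Build the log-viewer filter string for one request URI.

    escape_regex=False reproduces the reported behaviour: the raw path is
    dropped into a clause that the log viewer later compiles as a regex.
    escape_regex=True applies the assumed fix: re.escape() the path first.
    """
    path = re.escape(uri) if escape_regex else uri
    return f'path:"{path}" {STATUS_CLAUSE}'


def dashboard_link(uri, escape_regex=False):
    """Hypothetical link builder with the same shape as the pasted hrefs."""
    return "/logs?logs_form=1&filter=" + quote(build_filter(uri, escape_regex))


def path_pattern(query_or_link):
    """Decode a link (or bare query string) and return the path pattern."""
    query = urlsplit(query_or_link).query or query_or_link
    filt = parse_qs(query)["filter"][0]      # percent-decoding happens here
    return re.match(r'path:"(.*)" status:', filt).group(1)


def filter_compiles(query_or_link):
    """True if the path pattern in the filter is a valid regular expression."""
    try:
        re.compile(path_pattern(query_or_link))
        return True
    except re.error:                          # e.g. unbalanced parenthesis
        return False


def filter_matches(query_or_link, uri):
    """True if the decoded path pattern matches exactly the URI it came from."""
    return re.fullmatch(path_pattern(query_or_link), uri) is not None


if __name__ == "__main__":
    bad_uri = "/var/jquery/).replace(/%20/g,"
    print("page link compiles:", filter_compiles(PAGE_FILTER_QUERY))
    fixed = dashboard_link(bad_uri, escape_regex=True)
    print("escaped link compiles/matches:", filter_compiles(fixed), filter_matches(fixed, bad_uri))
```

Note that URL percent-encoding and regex escaping are independent layers: the link is a perfectly valid URL either way, and only the second layer is missing.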

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
-~----------~----~----~----~------~----~------~--~---