Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What does it means &sa=U&ei?

Tags:

security

I have a website, today looking at the log, I found some request to a page from my server with appended this variable &sa=U&ei.

Could you tell me guys what &sa=U&e could mean? Could be an attempt to find Nullable Scrips? Could be a security threat?

&sa=U&ei=XuRBT92UFseYhQf_w7HeBQ&ved=0CNYBEBYwYw&sig2=Rt1Cr_FCPD1-6VYu__Oavg&usg=AFQjCNFlHVaDQL--kgDbOn2vNgUqwUOsTA

The error in my log is:

A potentially dangerous Request.Path value was detected from the client (&)

like image 227
GibboK Avatar asked Feb 22 '12 08:02

GibboK


2 Answers

http://www.bleepingcomputer.com/forums/topic442637.html

But nevermind. I found the offending culprit. Seems that for some reason my "GoogleEnhancer" became "incompatible" with Firefox. It worked fine even before I updated to 10, but go figure. And it wasn't the whole add-on, it was the "Use Google Classic" radio button turned on. I got this add-on after Google started making their search engine so... oh, what's the word I'm looking for... umm... oh, yeah... crappy!

http://www.ausforces.com/showthread.php?6595-Google-is-acting-odd...

I figured out what it is... I have an add-on called google enhancer which obviously hasn't been updated properly of late. Disabled it and it worked fine. Well that was a waste of a thread. Thanks for the help though guys.

So, the unnecessary part of the request is created by an outdated add-on for Firefox, nothing serious. The visitors with that add-on have more problems than your website :)

like image 52
Cheery Avatar answered Nov 20 '22 09:11

Cheery


Practically, it could just be simple url request.

And the random texts you are seeing could be an autogenerated random string to maintain sessions. As there seems nothing wrong with the URL, and those sa and ei simply means, that these get variables are assigned some values, which would then be used in your application, for may be session management or other purpose.

From the face of it, it doesn't appears to be any hackable stuff.

like image 34
linuxeasy Avatar answered Nov 20 '22 08:11

linuxeasy