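magento - Hack or exploit

Time: 2015-04-08 23:19:39

Tags: magento xss exploit

I found these entries in my Magento log files. I'm not sure whether this is evidence of a hacker trying to enter bad data or of an exploit. From the log file: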

var/log/exception.log:4118:2014-10-30T22:46:39+00:00 DEBUG (7): Exception message: No date part in '<?import namespace="CrossSiteScripting" implementation="http://ha.ckers.org/CrossSiteScripting.htc">' found.
var/log/exception.log:4131:exception 'Zend_Locale_Exception' with message 'No date part in '<?import namespace="CrossSiteScripting" implementation="http://ha.ckers.org/CrossSiteScripting.htc">' found.' in lib/Zend/Locale/Format.php:869
var/log/exception.log:4352:2014-10-30T22:46:49+00:00 DEBUG (7): Exception message: No date part in '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>' found.
var/log/exception.log:4365:exception 'Zend_Locale_Exception' with message 'No date part in '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>' found.' in lib/Zend/Locale/Format.php:869
var/log/exception.log:4534:2014-10-30T22:46:55+00:00 DEBUG (7): Exception message: No date part in '<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>' found.
var/log/exception.log:4547:exception 'Zend_Locale_Exception' with message 'No date part in '<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>' found.' in lib/Zend/Locale/Format.php:869

They seem to come from a function in lib/Zend/Locale/Format.php, line 869:

private static function _parseDate($date, $options)

The relevant code is:

// split number parts
$split = false;
preg_match_all('/\d+/u', $number, $splitted);

if (count($splitted[0]) == 0) {
    iconv_set_encoding('internal_encoding', $oenc);
    #require_once 'Zend/Locale/Exception.php';
    throw new Zend_Locale_Exception("No date part in '$date' found.");
}
if (count($splitted[0]) == 1) {
    $split = 0;
}
$cnt = 0;
foreach($parse as $key => $value) {

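1 answer:

Answer 0 (score: 1)

The log file entries show that someone was trying to identify cross site scripting vulnerabilities. Based on the code snippet you provided, it is not vulnerable.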
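A triage sketch for the log entries discussed above, added here as an example and not part of the original question or answer: it pulls the rejected value out of each "No date part in" line, flags values that contain markup, and groups them into bursts by timestamp. The function names, the markup heuristic and the 60-second window are assumptions; the first four sample lines are copied from the question and the last one is constructed.

```python
import re
from datetime import datetime, timedelta

# Matches the "Exception message" lines; a grep "file:lineno:" prefix is tolerated.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}) DEBUG \(7\): "
    r"Exception message: No date part in '(?P<value>.*)' found\.$")
# Markup that has no place in a date field (heuristic assumed for this example).
MARKUP_RE = re.compile(r"<\s*[?!/a-z]|javascript:|\bon\w+\s*=", re.IGNORECASE)

def find_probes(lines):
    """Return (timestamp, value) for date-parse failures whose input looks like markup."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if m and MARKUP_RE.search(m.group("value")):
            hits.append((datetime.fromisoformat(m.group("ts")), m.group("value")))
    return hits

def bursts(hits, window=timedelta(seconds=60), minimum=3):
    """Group hits whose neighbours are at most `window` apart; keep runs of >= minimum."""
    runs, current = [], []
    for ts, value in sorted(hits):
        if current and ts - current[-1][0] > window:
            runs.append(current)
            current = []
        current.append((ts, value))
    if current:
        runs.append(current)
    return [run for run in runs if len(run) >= minimum]

SAMPLE = [
    # Copied from the log excerpt in the question.
    "var/log/exception.log:4118:2014-10-30T22:46:39+00:00 DEBUG (7): Exception message: No date part in '<?import namespace=\"CrossSiteScripting\" implementation=\"http://ha.ckers.org/CrossSiteScripting.htc\">' found.",
    "var/log/exception.log:4131:exception 'Zend_Locale_Exception' with message 'No date part in '<?import namespace=\"CrossSiteScripting\" implementation=\"http://ha.ckers.org/CrossSiteScripting.htc\">' found.' in lib/Zend/Locale/Format.php:869",
    "var/log/exception.log:4352:2014-10-30T22:46:49+00:00 DEBUG (7): Exception message: No date part in '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>' found.",
    "var/log/exception.log:4534:2014-10-30T22:46:55+00:00 DEBUG (7): Exception message: No date part in '<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>' found.",
    # Constructed: an ordinary typo in a date field, which should not be flagged.
    "var/log/exception.log:4700:2014-10-30T23:10:02+00:00 DEBUG (7): Exception message: No date part in 'tomorrow' found.",
]
```

A hit means a date parameter received markup and the parser rejected it; whether that value is echoed back anywhere else has to be checked separately.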