Hi, I recently found this malicious entry in my web sever logs. I believe its an attempted stored XSS attack but I'm hoping someone with more experience can explain exactly what its doing? It came from an exit node on the TOR network;
"POST /index.php?m=member&c=index&a=register&siteid=1 HTTP/1.1" 200 7869 1349875 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" "-"
The script contained the below;
The above link has been obfuscated for obvious reasons..its malicious!
Any advice would be much appreciated