RocketTheme - TOPIC: XSS in versatility 4 ?

Welcome Guest! Login

0 items Join Now

- chris1407
- Newbie
- Posts: 14
- Thanks: 0
XSS in versatility 4 ?

Posted 15 years 10 months ago
- i scanned my website with an vulnerability scanner. it gives me an high risk bug.
  
  'malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them'
  
  proof of concept:
  
  _http://www.mysite.com/?fontstyle=1"+onmouseover=alert(664447827493)+
  
  if you do this, a popup will open and shows you the numbers from the example. (664447827493)
  
  what did you think ?
#329686
- Arifin FinLy
- Preeminent Rocketeer
- Posts: 17372
- Thanks: 18
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- Hello,
  
  what software or script you used to scan your website?
  Could you please provide your site link?
#329963
- chris1407
- Newbie
- Posts: 14
- Thanks: 0
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- my site: www.infected-web.de/
  
  i used acunetix scanner
  
  acunetix.com
#330015
- Arifin FinLy
- Preeminent Rocketeer
- Posts: 17372
- Thanks: 18
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- Hello,
  
  I still don't check with that scanner.
  Could you please check whether the demo demo.rockettheme.com/nov08_j15/ also shows the same xss warning?
#330491
- chris1407
- Newbie
- Posts: 14
- Thanks: 0
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- your server has a firewall that will block that. i downloaded the template 2 days ago from your server, its the latest one. everybody with no firewall have a xss problem.
#330569
- chris1407
- Newbie
- Posts: 14
- Thanks: 0
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- check out this one. versatility 4 is not fixed yet.
  
  www.rockettheme.com/forum/index.php?p=129721&rb_v=viewtopic
#331024
- Arifin FinLy
- Preeminent Rocketeer
- Posts: 17372
- Thanks: 18
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- Hello Chris,
  
  I will ask and confirm this to the developer team. Thanks for heading this up.
#331030
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- Hi Chris, i'm not able to replicate this issue. I just installed the latest version of the Joomla 1.5 based RocketLauncher for Verstility4. Then i put this URL in the browser:
  
  _http://localhost/demo/nov08/index.php?fontstyle=1+onmouseover=alert(664447827493)+
  
  EDIT: Ok, missed a quote, I see it now. Strange. I'll take a look at it. For the record these types of XSS are generally considered LOW impact as they only run client side js.
#331114
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- Ok can you replace line 12 in rt_styleswitcher.php with this:
  
  $$tprop = htmlentities(JRequest::getString($tprop, null, 'get'));
  
  Should resolve it.
#331311
- chris1407
- Newbie
- Posts: 14
- Thanks: 0
Re: XSS in versatility 4 ?

Posted 15 years 10 months ago
- ok, thx for the fix.
  
  - i use this template for my business website, and its not very trustfull for my customers when i have a bug there.
  
  thx
#331485

Time to create page: 0.076 seconds

XSS in versatility 4 ?

XSS in versatility 4 ?

Re: XSS in versatility 4 ?

Re: XSS in versatility 4 ?

Re: XSS in versatility 4 ?

Re: XSS in versatility 4 ?

Re: XSS in versatility 4 ?

Re: XSS in versatility 4 ?

Re: XSS in versatility 4 ?

Re: XSS in versatility 4 ?

Re: XSS in versatility 4 ?