RocketTheme - TOPIC: securityleaks? (1/3)

Welcome Guest! Login

0 items Join Now

- suzanne roelse
- Newbie
- Posts: 18
- Thanks: 0
securityleaks?

Posted 10 years 8 months ago
- My hostingprovider found leaks in the gantry map system. can you tell me what to do?
  i have the newest installation of Gantry 4.1.20 and Joomla 2.5.18
  
  [Joomla] Clickjacking-kwetsbaarheden XSS /plugins/system/gantry/overrides/3.0/2.5/com_users/reset/complete.php
  [Joomla] Clickjacking-kwetsbaarheden XSS /plugins/system/gantry/overrides/3.0/2.5/com_users/login/default_login.php
  [Joomla] Clickjacking-kwetsbaarheden XSS /plugins/system/gantry/overrides/3.0/2.5/com_users/registration/default.php
  [Joomla] Highlight-plugin vatbaar voor code-injectie Code-injectie /plugins/system/gantry/overrides/3.0/2.5/com_finder/search/default_result.php
  [Joomla] XSS in taalkeuzemodule XSS /plugins/system/gantry/overrides/3.0/2.5/mod_languages/default.php
#1072491
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
Re: securityleaks?

Posted 10 years 8 months ago
- hmm.. not sure exactly what this is about, but we'll look into it and get back to you, thanks!
#1072512
- suzanne roelse
- Newbie
- Posts: 18
- Thanks: 0
Re: securityleaks?

Posted 10 years 8 months ago
- any news?
  
  there was an update yesterday but i don't think this was solved yet or is it now solved?
#1074523
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
Re: securityleaks?

Posted 10 years 8 months ago
- Suzanne, we've looked into this and we've compared our overrides to the joomla ones and they are basically identical. We don't see anything that could be a security issue at all. BTW, in your paste above you have referenced gantry overrides that we use when running Joomla 3.0, that basically fall back to the same output as we use in our 2.5 templates (for compatibility). These files are not even used by your Joomla 2.5.18 install.
  
  My hunch is that this security script that is reporting this is just scanning files and finding our overrides and doesn't really know what to do with them. I am confident this is not a security issue, but more of a false alarm type situation.
- The following users have thanked you: suzanne roelse
#1074653
- suzanne roelse
- Newbie
- Posts: 18
- Thanks: 0
Re: securityleaks?

Posted 10 years 8 months ago
- Oke thanks! i will pas it on to my hosting.
  
  why are there files in the installation when they are not even used by my Joomla?
  And can i delete them or will they come back every update i make?
#1075397
- Joe Halleck
- Preeminent Rocketeer
- Posts: 5480
- Thanks: 67
- Never give up!
Re: securityleaks?

Posted 10 years 8 months ago
- Ask your hosting provider what tool they are using to scan.
- Magento - phpBB3 - Kunena - RokBridge Specialist
  No Secure Tab posts unless requested.
  Use the Thank You and Life Preserver Buttons!
  Your signature is also great place for setup details...help us help you!
#1075454
- suzanne roelse
- Newbie
- Posts: 18
- Thanks: 0
Re: securityleaks?

Posted 10 years 8 months ago
- There is a tab 'Patchman' in my DirectAdmin
#1075484
- suzanne roelse
- Newbie
- Posts: 18
- Thanks: 0
Re: securityleaks?

Posted 10 years 8 months ago
- With the new update from Gantry 2 isseus are gone. now the system gives this information:
  
  /plugins/system/gantry/overrides/3.0/2.5/com_finder/search/default_result.php Highlight plugin allowing code injection
  more information:
  plugins/system/highlight/highlight.php in Joomla 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter.
  
  cvedetails.com/cve/CVE-2013-1453
  developer.joomla.org/security/548-201302...tion-disclosure.html
  
  /plugins/system/gantry/overrides/3.0/2.5/com_users/registration/default.php [Joomla] Clickjacking vulnerabilties
  /plugins/system/gantry/overrides/3.0/2.5/com_users/reset/complete.php [[Joomla] Clickjacking vulnerabilties
  More information:
  Joomla 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "inadequate protection".
  
  cvedetails.com/cve/CVE-2012-5827
  developer.joomla.org/security/543-201211...re-clickjacking.html
  developer.joomla.org/security/news/544-2...02-core-clickjacking
#1075503
- Stephen Cassidy
- Sr. Rocketeer
- Posts: 213
- Thanks: 13
- Webmaster - ICT Manager
Re: securityleaks?

Posted 10 years 8 months ago
- Hi All,
  
  For the first time I have also received two messages from my hosting provider with the very same information. I am located in The Netherlands using hosting www.antagonist.nl . They say its [Joomla] Clickjacking-vunarability XSS in plugin system gantry overrides com_users, default login, in users login, default registration and users registration, and in com_finder search. I have been using this hosting for 14 years now and they have only sent me one message before this one. They have given me 14 days to fix the issue.
  I'll look around later a bit more into it. Taking a break now been working all day
  
  Stephen
- The more I practice, the luckier I get...
#1075561
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
Re: securityleaks?

Posted 10 years 8 months ago
- Is there a specific security script you are running to get these reports? It would be great if we could run them ourselves to better help identify what is triggering these notices. Our overrides are based on ones that are much later than 2.5.8 so really am not sure why this script is thinking there is a vulnerability from <= 2.5.8. Thanks.
#1075655