VirtueMart Forum

VirtueMart 1.1.x [ Old version - no longer supported ] => Security (https) / Performance / SEO/ SEF issues VM 1.1 => Topic started by: inode64 on March 13, 2014, 23:46:58 pm

Title: Critical bug in virtuemart 1.1.4 to 1.1.9 mail attack
Post by: inode64 on March 13, 2014, 23:46:58 pm
By adding this URL to a website:

/index2.php?page=shop.recommend&product_id=1&tmpl=component&option=com_virtuemart

a form is displayed; complete the fields and the mail is sent!!!!
I checked with multiple websites and versions.

To solve it, edit the file:

/administrator/components/com_virtuemart/html/shop.recommend.php

and remove these lines to solve the bug.

Code:
include_once(CLASSPATH.'ps_communication.php');

$vm_mainframe->addStyleSheet( 'templates/'. $mainframe->getTemplate() );

if( empty( $_POST['submit'] ) || !$ok ) {
        $mainframe->setPageTitle( $VM_LANG->_('VM_RECOMMEND_FORM_LBL') );
        echo '<h3>'.$VM_LANG->_('VM_RECOMMEND_FORM_LBL').'</h3>';

        ps_communication::showRecommendForm($product_id);
}
else {
        $mainframe->setPageTitle( $VM_LANG->_('VM_RECOMMEND_FORM_LBL') );
        echo '<span class="contentheading">'. $VM_LANG->_('VM_RECOMMEND_DONE').' '. shopMakeHtmlSafe(vmGet($_POST,'recipient_mail')).'</span> <br />
                <br />
                <br />
                <a href="javascript:window.close();">
                <span class="small">'. $VM_LANG->_('PROMPT_CLOSE') .'</span>
                </a>';

}
Title: Re: Critical bug in virtuemart 1.1.4 to 1.1.9 mail attack
Post by: stinga on March 22, 2014, 14:44:38 pm
If you don't use the recommend feature, you could just rename the file.
I have just done this, not sure what else might break though.
If I don't post on this thread again then you know it's probably safe to rename/delete the file.
Title: Re: Critical bug in virtuemart 1.1.4 to 1.1.9 mail attack
Post by: AH on March 22, 2014, 17:30:52 pm
I think this is a very old issue but worth noting just in case

I replaced the code with the one below to prevent misuse (of course no one can recommend, but I did not need that function)

Code:
<?php 
if( !defined( '_VALID_MOS' ) && !defined( '_JEXEC' ) ) die( 'Direct Access to '.basename(__FILE__).' is not allowed.' );

header('Location: http://www.yoursite/');
exit;

?>
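
A defender-side check for the issue discussed in this thread, as an added example that is not part of any forum post: it scans web server access log lines for requests to the shop.recommend page and counts them per client IP and HTTP method, so an administrator can see whether the form has been hit. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed Apache/nginx "combined" log format: client IP, timestamp, request line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def is_recommend_hit(target):
    """True if the request URL addresses VirtueMart's shop.recommend page."""
    query = parse_qs(urlsplit(target).query)  # also decodes %2E and similar
    pages = [v.lower() for v in query.get("page", [])]
    options = [v.lower() for v in query.get("option", [])]
    return "shop.recommend" in pages and "com_virtuemart" in options

def recommend_hits(lines):
    """Count shop.recommend requests per (client IP, HTTP method)."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        # Limitation: fields sent only in a POST body never reach the access log.
        if is_recommend_hit(m.group("target")):
            hits[(m.group("ip"), m.group("method"))] += 1
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
_RECOMMEND = "/index2.php?page=shop.recommend&product_id=1&tmpl=component&option=com_virtuemart"
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Mar/2014:23:40:01 +0000] "GET %s HTTP/1.1" 200 5120 "-" "-"' % _RECOMMEND,
    '203.0.113.7 - - [13/Mar/2014:23:40:03 +0000] "POST %s HTTP/1.1" 200 812 "-" "-"' % _RECOMMEND,
    '203.0.113.7 - - [13/Mar/2014:23:40:09 +0000] "GET /index2.php?page=shop%2Erecommend'
    '&product_id=2&option=com_virtuemart HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [13/Mar/2014:23:41:00 +0000] "GET /index.php?page=shop.browse'
    '&category_id=3&option=com_virtuemart HTTP/1.1" 200 20480 "-" "-"',
    '192.0.2.15 - - [13/Mar/2014:23:42:10 +0000] "GET /index.php?option=com_virtuemart'
    '&page=shop.recommend&product_id=9 HTTP/1.1" 200 5100 "-" "-"',
    'this line is not an access log entry',
]

if __name__ == "__main__":
    for (ip, method), count in sorted(recommend_hits(SAMPLE_LOG).items()):
        print(f"{ip:15} {method:5} {count}")
```

Repeated POST entries from one address are the ones to compare against the mail server's outbound log for the same time window.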