Author Topic: Critical bug in virtuemart 1.1.4 to 1.1.9 mail attack  (Read 3287 times)

inode64

  • Beginner
  • Posts: 14
    • INODE64 - Alternativas Informaticas
Critical bug in virtuemart 1.1.4 to 1.1.9 mail attack
« on: March 13, 2014, 23:46:58 pm »
By adding this URL to a website:

/index2.php?page=shop.recommend&product_id=1&tmpl=component&option=com_virtuemart

A form is displayed; complete the fields and the mail is sent!!!!
I checked this with multiple websites and versions.

To solve it, edit the file:

/administrator/components/com_virtuemart/html/shop.recommend.php

and remove these lines to solve the bug.

Code:
include_once(CLASSPATH.'ps_communication.php');

$vm_mainframe->addStyleSheet( 'templates/'. $mainframe->getTemplate() );

if( empty( $_POST['submit'] ) || !$ok ) {
        $mainframe->setPageTitle( $VM_LANG->_('VM_RECOMMEND_FORM_LBL') );
        echo '<h3>'.$VM_LANG->_('VM_RECOMMEND_FORM_LBL').'</h3>';

        ps_communication::showRecommendForm($product_id);
}
else {
        $mainframe->setPageTitle( $VM_LANG->_('VM_RECOMMEND_FORM_LBL') );
        echo '<span class="contentheading">'. $VM_LANG->_('VM_RECOMMEND_DONE').' '. shopMakeHtmlSafe(vmGet($_POST,'recipient_mail')).'</span> <br />
                <br />
                <br />
                <a href="javascript:window.close();">
                <span class="small">'. $VM_LANG->_('PROMPT_CLOSE') .'</span>
                </a>';

}

stinga

  • Contributing Developer
  • Sr. Member
  • Posts: 872
    • Squangle ltd
Re: Critical bug in virtuemart 1.1.4 to 1.1.9 mail attack
« Reply #1 on: March 22, 2014, 14:44:38 pm »
If you don't use the recommend feature, you could just rename the file.
I have just done this, not sure what else might break though.
If I don't post on this thread again then you know it's probably safe to rename/delete the file.
Stinga.

AH

  • Global Moderator
  • Sr. Member
  • Posts: 2512
  • VirtueMart Version: 3.0.19.8
Re: Critical bug in virtuemart 1.1.4 to 1.1.9 mail attack
« Reply #2 on: March 22, 2014, 17:30:52 pm »
I think this is a very old issue but worth noting just in case.

I replaced the code with the one below to prevent misuse (of course no one can recommend, but I did not need that function).

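Code:
<?php
// Block direct access: continue only when Joomla/Mambo has defined one of its entry-point constants.
if( !defined( '_VALID_MOS' ) && !defined( '_JEXEC' ) ) die( 'Direct Access to '.basename(__FILE__).' is not allowed.' );

// Send every request for the recommend page elsewhere instead of showing the mail form.
header('Location: http://www.yoursite/');
exit;

?>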

regards
A

Joomla 3.6.5
php 7
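
To check whether the recommend form discussed in this thread has been reached on your own site, the following added example (not code from any poster or from VirtueMart) scans web server access logs for the URL parameters given in the first post. It assumes the Apache/nginx combined log format; because access logs do not record POST bodies, it also inspects the Referer field. The function names and sample lines are constructed for illustration.

```python
import re
import sys
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: client, request line, status, size, referer.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)"')

def is_recommend(url):
    """True if the URL's query selects VirtueMart's shop.recommend page."""
    # parse_qs URL-decodes values, so page=shop%2Erecommend is caught too,
    # and the order of the parameters does not matter.
    query = parse_qs(urlsplit(url).query)
    pages = [p.lower() for p in query.get("page", [])]
    options = [o.lower() for o in query.get("option", [])]
    return "shop.recommend" in pages and "com_virtuemart" in options

def summarize(lines):
    """Return (views, posts): per-client counts of form views and submissions."""
    views, posts = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, target, _status, referer = m.groups()
        if method == "POST" and (is_recommend(target) or is_recommend(referer)):
            # Assumption: a form POST carries the form's URL as its Referer.
            posts[client] += 1
        elif method != "POST" and is_recommend(target):
            views[client] += 1
    return views, posts

# Constructed sample lines using documentation address ranges, not real traffic.
FORM = "page=shop.recommend&product_id=1&tmpl=component&option=com_virtuemart"
SAMPLE = [
    '198.51.100.7 - - [13/Mar/2014:23:40:01 +0000] "GET /index2.php?' + FORM
    + ' HTTP/1.1" 200 5120 "-" "ua"',
    '198.51.100.7 - - [13/Mar/2014:23:40:03 +0000] "POST /index2.php HTTP/1.1"'
    ' 200 812 "http://shop.example/index2.php?' + FORM + '" "ua"',
    '198.51.100.7 - - [13/Mar/2014:23:40:05 +0000] "POST /index2.php?'
    'option=com_virtuemart&page=shop%2Erecommend HTTP/1.1" 200 812 "-" "ua"',
    '192.0.2.10 - - [13/Mar/2014:23:41:00 +0000] "GET /index.php?'
    'page=shop.browse&option=com_virtuemart HTTP/1.1" 200 9000 "-" "ua"',
]

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    views, posts = summarize(source)
    for client in sorted(set(views) | set(posts)):
        print(f"{client}\tviews={views[client]}\tposts={posts[client]}")
```

A client with many POSTs and few or no views is worth a closer look in the mail server logs for the same time window.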