[SOLVED] possible vulnerability - was server issue

Started by veki, February 19, 2015, 14:59:47 PM


veki

Hello, I test VMart 3.X on Joomla with the following environment specs:
PHP Built On    
Database Version    5.5.40
Database Collation    latin1_swedish_ci
PHP Version    5.4.34
Web Server    Apache
WebServer to PHP Interface    cgi-fcgi
Joomla! Version    Joomla! 3.3.5 Stable [ Ember ] 30-September-2014 14:00 GMT
Joomla! Platform Version    Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
VMart 3.0.4
When I log in as a user at the stage when I have to register after adding an item to my cart, I get a message.
Can we consider it an intrusion? Needless to say, I do not have anything to do with that company and their page.
Thanks,

Veki

jenkinhill

So you have custom 404 page - possibly as part of your Joomla template?
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

veki

Hello,

We have never had that page before, and the mobile company which is on the page is not the producer/developer of the template.
Any other thoughts?
Thanks,
Veki

veki

I checked the error 404 handling and I can confirm that VMart is doing error 404 handling.

You can see source of the page that I attached in my first mail as screenshot:
http://pastebin.com/WA6QPr0z

thanks,

veki

GJC Web Design

It is certainly nothing to do with joomla or Vm --

u have 2 problems here - 1. when u try to login you get a 404 .. try with all sef off

2. the 404 page showing is either a hack or is more probably part of your template
GJC Web Design
VirtueMart and Joomla Developers - php developers https://www.gjcwebdesign.com
VM4 AusPost Shipping Plugin - e-go Shipping Plugin - VM4 Postcode Shipping Plugin - Radius Shipping Plugin - VM4 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
https://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

jenkinhill

Yeah, the page code pasted is from a WP site..........

veki

The 404 page shown appears on the screen after a user logs in after adding a product to the cart. I tried even with the admin account, and it happens even if the admin is already logged in and has added a product to the cart.

Since there is possibility of compromised site I started this topic.
If you check the source code that I provided at the pastebin.com link, you will notice that the page is not part of the template.

Thanks

veki

Indeed, since the code is from a WP site, that is not an error 404 handling page.
Thus, I suspect that there is a vulnerability issue.
Please advise

Thanks,

veki

jenkinhill

That does not look like a vulnerability. Check any redirects you have set up, could be in .htaccess, Joomla's redirect component, error handling plugin etc.  The one thing you have not posted is the url of the 404, which will be displayed in your browser.

veki

There are no redirects set up.

The url with that page is not external. The url stays within Joomla/Vmart installation.

Thanks,

Veki

GJC Web Design

but as you won't tell anybody what it is - the url to your site or the actual 404 page then I'm afraid interest in helping you will soon evaporate

and you still aren't doing anything about the problem that when u login YOU get a 404.. have you tried with all SEF off - some urls? 
or is it a state secret?

veki

Hello,

URL is
http://smeitss.mycpanel.rs/test/index.php/en/knjizara
You can click on icons that show cover page of the books to be sold.
Please send me pm if you want me to create account for you.
Thanks,

Veki

Jörgen

Hello, I tried to make a purchase, but couldn't set up a user account.
But I did get a security warning from my browser that says that you only have a security certificate that is made for esteh.net.
You probably have some cross user account issues on your shared server.

I would talk to my host about this.

regards

Jörgen @ Kreativ Fotografi
Joomla 3.9.18
Virtuemart 3.4.x
Olympiantheme Hera (customized)
This reflects current status when viewing old post.
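
The check behind the browser warning Jörgen describes, as an added example (not code from this thread or from VirtueMart): it tests whether the names in a certificate cover the hostname that was requested. The certificate dict is constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the `www.esteh.net` entry and the function names are assumptions made for illustration.

```python
def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN dNSName entries exist, the CN is not consulted
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # refuse wildcards directly under a top-level label such as "*.rs"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_vhost(host, cert):
    """Report whether the certificate presented covers the requested host."""
    names = cert_dns_names(cert)
    covered = any(name_matches(n, host) for n in names)
    return {"host": host, "cert_names": names, "covered": covered}


# Constructed sample: a certificate issued for esteh.net, as reported in the
# thread. The www.esteh.net SAN entry is an assumption for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "esteh.net"),),),
    "subjectAltName": (("DNS", "esteh.net"), ("DNS", "www.esteh.net")),
}

if __name__ == "__main__":
    # Hostname of the test site given earlier in the thread.
    print(check_vhost("smeitss.mycpanel.rs", SAMPLE_CERT))
```

A result with `covered` set to false for your own hostname means the server presented a certificate issued for a different name, which is the mismatch reported here and a reason to ask the host which virtual host answered the request.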

veki

Dear Jörgen,
Thanks a lot, you are right. I talked with the hosting company and it was exactly a case of receiving other pages that do not belong to my account.
Veki

Jörgen

Hello Veki

Nice to hear that it has been solved :)

Regards
