[SOLVED] possible vulnerability - was server issue

[veki]

Hello, I test VMart 3.X on Joomla with the following envrionment specs:
PHP Built On    
Database Version    5.5.40
Database Collation    latin1_swedish_ci
PHP Version    5.4.34
Web Server    Apache
WebServer to PHP Interface    cgi-fcgi
Joomla! Version    Joomla! 3.3.5 Stable [ Ember ] 30-September-2014 14:00 GMT
Joomla! Platform Version    Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
VMart 3.0.4
When I log in as user at the stage when I have to register after adding item to my cart  I got message.
Can we consider it as intrusion? Not needed to say that I do have not anything with that company and their page.
Thanks,

Veki

[jenkinhill]

So you have custom 404 page - possibly as part of your Joomla template?

[veki]

Hello,

We have never had that page before and that mobile company which is on the page is not producer/developer of template.
Any other thougths?
Thanks,
Veki

[veki]

I checked about error 404 handling and I can confirm thta VMart is doing error 404 handling

You can see source of the page that I attached in my first mail as screenshot:
http://pastebin.com/WA6QPr0z

thanks,

veki

[GJC Web Design]

It is certainly nothing to do with joomla or Vm --

u have 2 problems here - 1. when u try to login you get a 404 .. try with all sef off

2. the 404 page showing is either a hack or is more probably part of your template

[jenkinhill]

Yeah, the page code pasted is from a WP site..........

[veki]

The 404 page showed appears on the screen after logging of user after adding product to cart.  I tried even with admin account and it happens even if admin is logged in already and admin added product in cart.

Since there is possibility of compromised site I started this topic.
If you checked the source code that I provided pastebin.com link you will notice that the page is not part of template.

Thanks

[veki]

Indeed, since code is from wp site that is not error 404 handling page.
Thus, I suspect that there is vulnerability issue.
Please advise

Thanks,

veki

[jenkinhill]

That does not look like a vulnerability. Check any redirects you have set up, could be in .htaccess, Joomla's redirect component, error handling plugin etc.  The one thing you have not posted is the url of the 404, which will be displayed in your browser.

[veki]

There are no any redirects set up.

The url with that page is not external. The url stays within Joomla/Vmart installation.

Thanks,

Veki

[GJC Web Design]

but as you won't tell anybody what it is - the url to your site or the actual 404 page then I'm afraid interest in helping you will soon evaporate

and you still aren't doing anything about the problem that when u login YOU get a 404.. have you tried with all SEF off - some urls? 
or is it a state secret?

[veki]

Hello,

URL is
http://smeitss.mycpanel.rs/test/index.php/en/knjizara
You can click on icons that show cover page of the books to be sold.
Please send me pm if you want me to create account for you.
Thanks,

Veki

[Jörgen]

Hello I tried to make a purchase, but couldn´t set up a user account.
But I did get a security warning from my browser that sais that You only have a security certificat that is made for esteh.net.
You have probably some cross user account issues on Your shared server.

I would talk to my host about this.

regards

Jörgen @ Kreativ Fotografi

[veki]

Dear Jurgen,
Thanks a lot, You are right. I talked with hosting company and exactly it was the case of receiving other pages that do not belong to my account.
Veki

[Jörgen]

Hello Veki

Nice to hear that it has been solved

Regards

Jörgen @ Kreativ Fotografi