News:

Looking for documentation? Take a look on our wiki

Main Menu

bug in media upload from admin end

Started by kailash745, September 21, 2017, 15:42:28 PM

Previous topic - Next topic

kailash745

Regarding the stored XSS (cross-site scripting) vulnerability found in  "Virtuemart " because of improper validation of user input. Kindly fix this issue asap and do review the code of other fields too in the application. 

Vulnerability Risks : Hijacking another user's browser ; Pseudo defacement of the application ; Directed delivery of browser-based exploits  and many more.

NOTE : Please fix both the reported issues asap (XSS and unrestricted file upload). As, in the past because of these vulnerabilities were completely defaced by the attackers.


step1: goto virtuemart product/category in back end
step2: click on upload image section
step3: upload any file even script file also uploaded (.php)

franzpeter

Do you mean that for serious? How do you want to sell downloadable products like extensions or other things from a shop? Those files need to get stored somehow. It is your decision, what you upload in Backend via Media manager. You are the shop owner.

AH

How did the "attackers" get access to your admin area?

This seems nonsense to "blame" vm

Surely they could have just done FTP also.
Regards
A

Joomla 3.10.11
php 8.0

Milbo

kailash745 it is a matter of permission.

We have two permissions for this matter. In English they are called

"Allow all kind of files, instead of only images and safe types"
"Media potential trusted"

The first is the vm filter, which just checks for filetypes. This is necessary, when you want to sell zips containing php. The second is the joomla filter. Both rights should be set to allowed for Superadministrators. But of course they should be set to "not allowed" for non admins.

So I dont see a security issue here. When a shop allows users to upload media in vm, it is a multivendorshop and the rights should be set correctly, of course. When the shop allows to upload media for a product, then these are 3rd party products. They may use our upload, when they do it, as long the rights are set correctly, anything should be safe.

When you install a fresh store, the rigts are set correctly, so I dont see a problem here.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/