Possible security issue?

9 years 1 month ago #141084 by Carmelo Brischetto
Possible security issue? was created by Carmelo Brischetto
Hi guys,

The website of a friend has been hacked (I think).
I made some checks and found this:
wssa.beyondsecurity.com/my_account/?#web632749

As you can see, some k2 files seem to be affected (i.e.: component/k2/itemlist/search.html?searchword=Cerca&categories=&format=html&t=&tpl=search).
Does anybody know how to get rid of this?

Thanks to all of you who will help me!

9 years 1 month ago #141108 by Krikor Boghossian
Replied by Krikor Boghossian on topic Possible security issue?

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

9 years 1 month ago #141112 by Carmelo Brischetto
Replied by Carmelo Brischetto on topic Possible security issue?
Yes, you're right.
The url is dazebaonews.it.
I'll also check for the link you posted. Thanks for answering me!

9 years 1 month ago #141118 by Krikor Boghossian
Replied by Krikor Boghossian on topic Possible security issue?
A security scan from sucuri.net/ is always helpful.

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

9 years 1 month ago #141119 by Carmelo Brischetto
Replied by Carmelo Brischetto on topic Possible security issue?
Already done, without finding anything...

9 years 1 month ago #141151 by Krikor Boghossian
Replied by Krikor Boghossian on topic Possible security issue?
The final thing to do is to check your PHP and .htaccess files manually for any code that looks suspicious.

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

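One way to make that manual review systematic, as an added example (Python, not part of this thread or of K2/Joomla): it walks a document root, checks every .php file and .htaccess for injection patterns commonly found in compromised Joomla installs, and runs against a constructed sample tree. The indicator list, the file names and the sample contents are assumptions for illustration; matches are leads for a human to read, not proof of compromise.

```python
import os
import re
import tempfile

# Indicator patterns for the manual review (constructed; common injection styles, not every backdoor).
PHP_INDICATORS = [
    re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I),
    re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]", re.I),          # /e modifier runs code
    re.compile(r"\b(assert|create_function)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),   # request value called as a function
]
HTACCESS_INDICATORS = [
    re.compile(r"RewriteRule\s+\S+\s+https?://", re.I),                    # rewrite to another host
    re.compile(r"RewriteCond\s+%\{HTTP_USER_AGENT\}.*(google|bing|yahoo)", re.I),  # crawler cloaking
    re.compile(r"^\s*php_(value|flag)\s+auto_(prepend|append)_file", re.I),  # silently included file
]

def scan_file(path):
    """Return (path, line number, pattern) for each line that matches an indicator."""
    rules = HTACCESS_INDICATORS if os.path.basename(path) == ".htaccess" else PHP_INDICATORS
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            hit = next((r.pattern for r in rules if r.search(line)), None)
            if hit:
                findings.append((path, lineno, hit))
    return findings

def scan_tree(root):
    """Walk a Joomla document root and scan every .php file and every .htaccess."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".php") or name == ".htaccess":
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return sorted(findings)

def build_sample_site():
    """Constructed sample tree: a clean file, an injected template file, a tampered .htaccess."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "templates", "t"))
    samples = {
        "index.php": "<?php echo htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');\n",
        "templates/t/footer.php": "<?php\neval(base64_decode('PLACEHOLDER_BLOB'));  // injected\n",
        ".htaccess": "RewriteRule ^(.*)$ index.php [L]\nRewriteRule ^(.*)$ http://attacker.example/$1 [R,L]\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root
```

Run it with `scan_tree("/path/to/joomla")` and read each flagged line in context; the clean index.php in the sample is deliberately not flagged.
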
9 years 1 month ago - 9 years 1 month ago #141160 by JoomlaWorks
Replied by JoomlaWorks on topic Possible security issue?
Why do you think the site is hacked?

First off, the supposed scan results you mention are behind a login page.

Secondly, Sucuri, which is probably the best malware scanner for websites, reports NOTHING: sitecheck.sucuri.net/results/dazebaonews.it/

The search page returns valid results: dazebaonews.it/component/k2/itemlist/search.html?searchword=Cerca&categories=&format=html&t=&tpl=search

K2 has never had a security hole so please don't rush in and state that K2 was the reason your site was supposedly hacked. If it has indeed been hacked, you should first check other less known extensions for reported security issues on the Joomla VEL.

Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Last edit: 9 years 1 month ago by JoomlaWorks.

9 years 1 month ago #141181 by Carmelo Brischetto
Replied by Carmelo Brischetto on topic Possible security issue?
I say that there's some problem because Google sent a message about it (to my friend) telling him that somebody has probably hacked his website. After that, looking at the web audit (I think you can get it from here: wssa.beyondsecurity.com/my_account/?h=0a8bdc314e7b ), there are many Vulnerabilities in Custom Web Code, with this code:

We discovered vulnerabilities in the scripts listed below. Next to each script, there is a description of the type of attack that is possible, and the way to recreate the attack. If the attack is a simple HTTP GET request, you can usually paste it into your browser to see how it works. If it's a POST attack, the parameters for the POST request will be listed in square parenthesis.

Cross Site Scripting
URL: www.xxx.com/component/k2/itemlist/search.html?searchword=Cerca&categories=&format=html&t=&tpl=search
Affected Parameter: searchword
Vector Used: '";%0d%0aalert('a');%0d%0a"'
Pattern found: '";
alert('a');
"'
Complete Attack: www.xxx.com/component/k2/itemlist/search.html?searchword='";%0d%0aalert('a');%0d%0a"' &categories= &format=html &t= &tpl=search

I already saw Sucuri.
I'm not saying that the problem is K2 (I use it often and I never had any problem), I'm just asking if there could be something wrong with it. There are no other strange extensions installed.

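What that scan report is checking, and how the reflection is fixed, as an added example not taken from the thread or from K2: the scanner URL-decodes %0d%0a to CR LF and looks for the raw vector echoed back in the page; escaping the reflected search term for the context it lands in (an HTML attribute here, a JSON literal when it goes into a script block) makes the same check come back clean. The template strings are constructed stand-ins for the K2 search view, not its real markup.

```python
import html
import json

# The vector from the scan report above, with %0d%0a decoded to CR LF.
SCANNER_VECTOR = "'\";\r\nalert('a');\r\n\"'"

def render_unescaped(searchword):
    """Search form that echoes the term verbatim; this is the pattern the scanner flags."""
    return f'<input name="searchword" value="{searchword}">'

def render_attribute_escaped(searchword):
    """Same form with the term HTML-escaped (quotes included) before reflection."""
    return f'<input name="searchword" value="{html.escape(searchword, quote=True)}">'

def render_script_escaped(searchword):
    """Reflecting into a <script> string: JSON-encode, and neutralise a literal </script>."""
    literal = json.dumps(searchword).replace("</", "<\\/")
    return f"<script>var searchword = {literal};</script>"

def vector_echoed(page, vector=SCANNER_VECTOR):
    """Mirror of the scanner's check: does the raw vector come back unchanged?"""
    return vector in page
```
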
9 years 1 month ago #141274 by Krikor Boghossian
Replied by Krikor Boghossian on topic Possible security issue?
I gave you several links to check with possible solutions.
Since this is not a K2 issue but a Joomla!/security one, I am afraid I cannot assist you any further.

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

8 years 4 months ago #149668 by George
Replied by George on topic Possible security issue?
Hi there,

Our Sitelok XSS Scan has detected a critical cross-site scripting vulnerability on our registration page located here: www.dominioncolour.com/registration

They say it must be corrected within 72 hours in order to maintain our certification.

Our site is hosted at GoDaddy, our plan includes Sitelok security services, and our website is running on Joomla v3.4.3 on a Linux/PHP/MySQL server using K2 v2.6.9.

Here is a description of the issue from the CSV I downloaded:
914f68c270edd3ad3fab18aee4292574,K2UserForm,customerother,gid,id,interestother,jform[address],jform[assign],jform[city],jform[comment],jform[company],jform[country],jform[customer][0],jform[email1],jform[email2],jform[interest][0],jform[lname],jform[name],jform[password1],jform[password2],jform[phone],jform[primaryjob][0],jform[skype_name],jform[state],jform[title],jform[username],jform_consentreceive,osolCatchaTxt,osolCatchaTxtInst,primaryjobother,task

Can you please provide any insight and help with this issue?

Thank You
