Wrong vulnerability report - Joomla! Forum - community, help and support
hi,
i'm wondering "virtuemart vulnerability" published yesterday in live vel, followed unpublishing virtuemart. did google search find original vulnerability report , after reading i'm shure this not vulnerability.
it tutorial script kiddies how write lfi metasploid. able execute it, you first need super administrator rights site.
in comment below vulnerability report author himself admitted need administrator rights execute it. in other words, if call vulnerability, have unpublish whole jed , joomla itself.
see here: http://hauntit.[url banned].de/2015/01/en-v ... it_83.html
btw - author apparently did write similar 'tutorials' other joomla extensions, too. (i didn't have @ yet: http://hauntit.[url banned].de/2014/12/en-v ... ugins.html
i'm wondering "virtuemart vulnerability" published yesterday in live vel, followed unpublishing virtuemart. did google search find original vulnerability report , after reading i'm shure this not vulnerability.
it tutorial script kiddies how write lfi metasploid. able execute it, you first need super administrator rights site.
in comment below vulnerability report author himself admitted need administrator rights execute it. in other words, if call vulnerability, have unpublish whole jed , joomla itself.
see here: http://hauntit.[url banned].de/2015/01/en-v ... it_83.html
btw - author apparently did write similar 'tutorials' other joomla extensions, too. (i didn't have @ yet: http://hauntit.[url banned].de/2014/12/en-v ... ugins.html
the reason why virtuemart listed in live vel not due 'exploit', mention in vel listing 'by way'. agree quite hard exploit, though might possible part of 'brute force' attack on admin password system.
the reason why virtuemart listed in vel due dumb mistake in virtuemart configuration. sorry blunt there no other word it.
in virtuemart configuration helper uses php ini_set() function turn on php error reporting, when turned off in both initial php configuration , in joomla admin. in fact result becomes impossible turn off php error reporting on site. line of code line 583 of configuration helper file.
this serious security issue, see example https://www.owasp.org/index.php/full_path_disclosure discussion of this.
frankly not think virtuemart ought overriding php error reporting settings @ all. if site admin wants can in joomla configuration or php.ini . if don't know how should not doing it.
the reason why virtuemart listed in vel due dumb mistake in virtuemart configuration. sorry blunt there no other word it.
in virtuemart configuration helper uses php ini_set() function turn on php error reporting, when turned off in both initial php configuration , in joomla admin. in fact result becomes impossible turn off php error reporting on site. line of code line 583 of configuration helper file.
code: select all
ini_set('display_errors', '1');this serious security issue, see example https://www.owasp.org/index.php/full_path_disclosure discussion of this.
frankly not think virtuemart ought overriding php error reporting settings @ all. if site admin wants can in joomla configuration or php.ini . if don't know how should not doing it.
Comments
Post a Comment