Dear anyone have has any idea about below info:
Joomla: 2.5.11
An unidentified vulnerability was found at: "http://example.com/index.php", using HTTP method POST. The sent post-data was: "...task=d'kc"z'gj'"**5*(((;-*`)...". This vulnerability was found in the requests with ids 164, 171 to 172.
==================================
POST http://example.com/index.php HTTP/1.1
Accept-Encoding: gzip
Accept: */*
User-Agent: HIDDEN
Host: example.com
Cookie: 7fae8192b9dd098b18886c429a1f40c1=nhk7cr3ho12bksr89o7vg2k842;
Content-Type: application/x-www-form-urlencoded
username=&task=user.login&return=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVuCZ2aWV3PWZlYXR1cmVkJkl0ZW1pZD0xMDE%3D&option=com_users&355fc372be8c586bfb0eed090bd9db=1&password=&Submit=Log%20in
Unidentified vulnerability in index.php
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
-
JommFoss
- Joomla! Intern
- Posts: 69
- Joined: Wed Mar 13, 2013 12:22 pm
-
JommFoss
- Joomla! Intern
- Posts: 69
- Joined: Wed Mar 13, 2013 12:22 pm
Re: Unidentified vulnerability in index.php
This is another one:
An unidentified vulnerability was found at: "http://example.com/index.php", using HTTP method POST. The sent post-data was: "Itemid=101&task=search&option=d'kc"z'gj'"%2A%2A5%2A(((%3B-%2A%60)&searchword=Search%20Here...".
An unidentified vulnerability was found at: "http://example.com/index.php", using HTTP method POST. The sent post-data was: "Itemid=101&task=search&option=d'kc"z'gj'"%2A%2A5%2A(((%3B-%2A%60)&searchword=Search%20Here...".
-
JommFoss
- Joomla! Intern
- Posts: 69
- Joined: Wed Mar 13, 2013 12:22 pm
Re: Unidentified vulnerability in index.php
May I ask you is ther any bug inside the index.php?!!!
-
mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Unidentified vulnerability in index.php
can i ask you what scanner you were using and then go to the developer of that scanner for interpretation of the results.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
JommFoss
- Joomla! Intern
- Posts: 69
- Joined: Wed Mar 13, 2013 12:22 pm
Re: Unidentified vulnerability in index.php
This is the Raw acces ( log file)
Code: Select all
[IP] - - [DATE:03:44:54 -0600] "POST /index.php HTTP/1.1" 200 393 "-" "[AGENT NAME]"
[
[IP] - - [DATE:03:44:59 -0600] "POST /index.php HTTP/1.1" 200 1432 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:00 -0600] "POST /index.php HTTP/1.1" 500 1781 "-" "[AGENT NAME]"
[IP] - - [DATE:03:44:59 -0600] "POST /index.php HTTP/1.1" 200 472 "-" "[AGENT NAME]"
[IP] - - [DATE:03:44:59 -0600] "POST /index.php HTTP/1.1" 404 1434 "-" "[AGENT NAME]"
[IP] - - [DATE:03:44:59 -0600] "POST /index.php HTTP/1.1" 200 1413 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:00 -0600] "POST /index.php HTTP/1.1" 500 1525 "-" "[AGENT NAME]"
[IP] - - [DATE:03:44:59 -0600] "POST /index.php HTTP/1.1" 404 1261 "-" "[AGENT NAME]"
[IP] - - [DATE:03:44:59 -0600] "POST /index.php HTTP/1.1" 200 664 "-" "[AGENT NAME]"
[IP] - - [DATE:03:44:59 -0600] "POST /index.php HTTP/1.1" 200 2456 "-" "[AGENT NAME]"
[IP] - - [DATE:03:44:59 -0600] "POST /index.php HTTP/1.1" 200 901 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:00 -0600] "POST /index.php HTTP/1.1" 404 2202 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:04 -0600] "GET /index.php?searchword=dfTnN&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5229 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:05 -0600] "POST /index.php HTTP/1.1" 303 389 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:06 -0600] "GET /index.php?searchword=SGqH%22qH%27qH%28qH%29SG&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5269 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:07 -0600] "POST /index.php HTTP/1.1" 303 406 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:07 -0600] "POST /index.php HTTP/1.1" 303 444 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:07 -0600] "POST /index.php HTTP/1.1" 303 432 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:08 -0600] "GET /index.php?searchword=fake_alert%28%22cJYL%22%29&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5272 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:08 -0600] "GET /index.php?searchword=fake_alert%28String.fromCharCode%28cJYL%29%29&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5343 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:08 -0600] "GET /index.php?searchword=a%3D%2FcJYL%2F%20fake_alert%28a.source%29&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5328 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:10 -0600] "POST /index.php HTTP/1.1" 200 5247 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:11 -0600] "POST /index.php HTTP/1.1" 500 1189 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:11 -0600] "POST /index.php HTTP/1.1" 500 1184 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:11 -0600] "POST /index.php HTTP/1.1" 200 5296 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:12 -0600] "POST /index.php HTTP/1.1" 404 1069 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:13 -0600] "POST /index.php HTTP/1.1" 404 1080 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:13 -0600] "POST /index.php HTTP/1.1" 404 1093 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:13 -0600] "POST /index.php HTTP/1.1" 404 1099 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:14 -0600] "POST /index.php HTTP/1.1" 303 385 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:15 -0600] "GET /index.php?searchword=Search%20Here...&searchphrase=all&Itemid=8&option=com_search HTTP/1.1" 200 5528 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:16 -0600] "POST /index.php HTTP/1.1" 303 415 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:16 -0600] "POST /index.php HTTP/1.1" 303 447 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:16 -0600] "POST /index.php HTTP/1.1" 303 434 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:17 -0600] "GET /index.php?searchword=Search%20Here...&searchphrase=all&Itemid=5&option=com_search HTTP/1.1" 200 5529 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:17 -0600] "GET /index.php?searchword=Search%20Here...&searchphrase=all&Itemid=5&option=com_search HTTP/1.1" 200 5529 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:17 -0600] "GET /index.php?searchword=Search%20Here...&searchphrase=all&Itemid=5&option=com_search HTTP/1.1" 200 5529 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:18 -0600] "POST /index.php HTTP/1.1" 200 406 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:19 -0600] "POST /index.php HTTP/1.1" 200 449 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:19 -0600] "POST /index.php HTTP/1.1" 200 436 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:19 -0600] "POST /index.php HTTP/1.1" 200 455 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:19 -0600] "POST /index.php HTTP/1.1" 200 406 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:20 -0600] "POST /index.php HTTP/1.1" 200 436 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:20 -0600] "POST /index.php HTTP/1.1" 200 449 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:20 -0600] "POST /index.php HTTP/1.1" 200 455 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:47 -0600] "GET /index.php?searchword=Search%20Here...&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5237 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:47 -0600] "GET / HTTP/1.1" 200 6804 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:48 -0600] "POST /index.php HTTP/1.1" 200 412 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:49 -0600] "POST /index.php HTTP/1.1" 200 399 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:54 -0600] "POST /index.php HTTP/1.1" 303 391 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:54 -0600] "GET /index.php?searchword=49%22%20OR%20%2249%22%3D%2249&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5284 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:55 -0600] "POST /index.php HTTP/1.1" 303 393 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:56 -0600] "GET /index.php?searchword=49%22%20AND%20%2249%22%3D%2250&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5286 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:56 -0600] "POST /index.php HTTP/1.1" 303 363 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:57 -0600] "GET /index.php?searchword=d%27z%270&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5241 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:58 -0600] "POST /index.php HTTP/1.1" 303 391 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:59 -0600] "GET /index.php?searchword=15%22%20OR%20%2215%22%3D%2215&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5282 "-" "[AGENT NAME]"
[IP] - - [DATE:03:45:59 -0600] "POST /index.php HTTP/1.1" 303 393 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:00 -0600] "GET /index.php?searchword=15%22%20AND%20%2215%22%3D%2216&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5282 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:01 -0600] "POST /index.php HTTP/1.1" 303 391 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:02 -0600] "GET /index.php?searchword=49%27%20OR%20%2749%27%3D%2749&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5274 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:03 -0600] "POST /index.php HTTP/1.1" 303 393 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:03 -0600] "GET /index.php?searchword=49%27%20AND%20%2749%27%3D%2750&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5277 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:04 -0600] "POST /index.php HTTP/1.1" 303 363 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:05 -0600] "GET /index.php?searchword=d%27z%270&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5241 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:06 -0600] "POST /index.php HTTP/1.1" 303 385 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:07 -0600] "GET /index.php?searchword=1%27%20OR%20%271%27%3D%271&searchphrase=all&Itemid=101&option=com_search HTTP/1.1" 200 5264 "-" "[AGENT NAME]"
[IP] - - [DATE:03:46:08 -0600] "POST /index.php HTTP/1.1" 303 406 "-" "[AGENT NAME]"
-
JommFoss
- Joomla! Intern
- Posts: 69
- Joined: Wed Mar 13, 2013 12:22 pm
Re: Unidentified vulnerability in index.php
Will PM to you....mandville wrote:can i ask you what scanner you were using and then go to the developer of that scanner for interpretation of the results.
-
mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Unidentified vulnerability in index.php
not sure why you sent me a PM but still.
i will repeat my original comment of " go to the developer of that scanner for interpretation of the results."
such tools are normally so "vague" that their results can be missleading. if you look at what the index.php file source actually contains you will understand why. scanning tools are usually their own worst enemies
i will repeat my original comment of " go to the developer of that scanner for interpretation of the results."
such tools are normally so "vague" that their results can be missleading. if you look at what the index.php file source actually contains you will understand why. scanning tools are usually their own worst enemies
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
