Acunetix Web Vulnerability Scanner high vulnerability alert

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
Smile
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 158
Joined: Sun Oct 09, 2005 7:45 pm

Acunetix Web Vulnerability Scanner high vulnerability alert

Post by Smile » Wed Mar 26, 2008 12:07 pm

Hi, I tried Acunetix Web Vulnerability Scanner v5 on my clean joomla 1.0.15 install.

I got High Vulnerability alert: I was thinking Joomla was more secure??

Blind SQL/XPath injection:

The POST variable text is vulnerable
/component/option,com_contact/Itemid,3/

The POST variable op is vulnerable
/component/option,com_contact/Itemid,42/

The POST variable name is vulnerable
/component/option,com_contact/Itemid,99999999/

The post variable task is vulnerable
/content/category/1/17/2/

The post variable task is vulnerable
/content/category/5/15/32/

The post variable task is vulnerable
/content/category/5/15/37/

The post variable task is vulnerable
/content/category/5/16/32/
/content/category/5/16/37/

The post variable task is vulnerable

The GET variable submit is vulnerable
/index.php

Smile
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 158
Joined: Sun Oct 09, 2005 7:45 pm

Re: Acunetix Web Vulnerability Scanner high vulnerability alert

Post by Smile » Wed Mar 26, 2008 12:08 pm

Try the scanner on your site too, can theese problems be fixed and how?

http://www.acunetix.com/cross-site-scri ... canner.htm

kardinol
I've been banned!
Posts: 29
Joined: Sun Aug 18, 2013 11:23 am

Re: Acunetix Web Vulnerability Scanner high vulnerability al

Post by kardinol » Sat Aug 09, 2014 8:53 pm

"The issues detected were of major impact. If users/hackers would have found the security holes, they could have hacked an entire Joomla! site." - Robin Muilwijk, member of the Quality and Testing Team, Joomla!

Code: Select all

http://www.acunetix.com/blog/case-studies/joomla/

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Acunetix Web Vulnerability Scanner high vulnerability al

Post by Tonie » Sat Aug 09, 2014 9:20 pm

This post was more than six years old.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14689
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Acunetix Web Vulnerability Scanner high vulnerability al

Post by mandville » Sat Aug 09, 2014 10:54 pm

Topic locked due to age relevance
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}


Locked

Return to “Security - 1.0.x”