SVG XSS attempt on Joomla 4.2.5

Discussion regarding Joomla! 4.x security issues.

flart
Joomla! Fledgling
Posts: 2
Joined: Thu Nov 17, 2022 4:12 am

SVG XSS attempt on Joomla 4.2.5

Post by flart » Thu Nov 17, 2022 4:21 am

Hi, I found an XSS attack attempt on one of my websites on Joomla 4.2.5 in the redirect component logs.
Can someone check whether the security of Joomla 4 is OK, because I get a 404 page with this message once I follow the attacker's link:
View not found [name, type, prefix]: svgonloadconfirmtesting-xss11, html, site
Here is the query link:

site.com?q=%27>"<svg/onload=confirm(%27testing-xss1%27)>&s=%27>"<svg/onload=confirm(%27testing-xss2%27)>&search=%27>"<svg/onload=confirm(%27testing-xss3%27)>&id=%27>"<svg/onload=confirm(%27testing-xss4%27)>&action=%27>"<svg/onload=confirm(%27testing-xss5%27)>&keyword=%27>"<svg/onload=confirm(%27testing-xss6%27)>&query=%27>"<svg/onload=confirm(%27testing-xss7%27)>&page=%27>"<svg/onload=confirm(%27testing-xss8%27)>&keywords=%27>"<svg/onload=confirm(%27testing-xss9%27)>&url=%27>"<svg/onload=confirm(%27testing-xss10%27)>&view=%27>"<svg/onload=confirm(%27testing-xss11%27)>&cat=%27>"<svg/onload=confirm(%27testing-xss12%27)>&name=%27>"<svg/onload=confirm(%27testing-xss13%27)>&key=%27>"<svg/onload=confirm(%27testing-xss14%27)>&p=%27>"<svg/onload=confirm(%27testing-xss15%27)>&redirect_uri=%27>"<svg/onload=confirm(%27testing-xss15%27)>&redirect_url=%27>"<svg/onload=confirm(%27testing-xss15%27)>

pe7er
Joomla! Master
Posts: 24974
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: SVG XSS attempt on Joomla 4.2.5

Post by pe7er » Thu Nov 17, 2022 9:03 am

Welcome to Joomla forum!

That this entry appears in Joomla's Redirects means that the page does not exist.
You will probably also encounter a lot of records containing "wp-admin", caused by bots that fingerprint your site to test whether it is WordPress and, when successful, start hack attempts for known WordPress (plugin) vulnerabilities.
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com

flart
Joomla! Fledgling
Posts: 2
Joined: Thu Nov 17, 2022 4:12 am

Re: SVG XSS attempt on Joomla 4.2.5

Post by flart » Fri Nov 18, 2022 5:06 pm

Hello Pe7er, thank you for the reply.
Yes, I saw the WordPress-related fingerprints, but in my case I see "svgonloadconfirmtesting-xss11" on the page; please look at the screenshot.

I started to get worried because I saw that it was embedded in the page.
So if it's safe I will ignore that.

[Screenshot attached]

pe7er
Joomla! Master
Posts: 24974
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: SVG XSS attempt on Joomla 4.2.5

Post by pe7er » Sun Nov 20, 2022 10:31 am

You're welcome!

Yeah, that's not to worry about.

Your site probably has nice URLs, but under the hood Joomla uses URLs like
index.php?option=com_content&view=article&id=60
which will display the article with ID=60 (if it exists).

If you change the "view" to something else, e.g.


index.php?option=com_content&view=this-view-does-not-exist
Joomla will show:
View not found [name, type, prefix]: this-view-does-not-exist, html, site
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
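One way to check both points in pe7er's answer on a logged request, as an added example that is not part of the thread and not Joomla's own code: the `view` value survives only as the characters Joomla's input filter lets through (which is why the 404 message shows `svgonloadconfirmtesting-xss11` and not a script tag), and the request pattern is a scripted probe worth flagging in the redirect or access logs. `cmd_filter` mirrors the character class Joomla's InputFilter applies to `CMD`-typed values as I understand it, and the sample URL is a shortened copy of the one in the first post; both are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a shortened copy of the probe URL from the first post,
# as it would appear in the Redirects component log.
SAMPLE_URL = (
    "https://site.com/?q=%27>\"<svg/onload=confirm(%27testing-xss1%27)>"
    "&view=%27>\"<svg/onload=confirm(%27testing-xss11%27)>"
    "&redirect_url=%27>\"<svg/onload=confirm(%27testing-xss15%27)>"
)

# Assumed reproduction of Joomla's CMD filter: keep only [A-Za-z0-9_.-] and
# strip leading dots. Everything that could form markup is dropped, so the
# value can be echoed in the "View not found" message without becoming HTML.
def cmd_filter(value: str) -> str:
    return re.sub(r"[^A-Za-z0-9_.-]", "", value).lstrip(".")

# Signature of the probe seen in the thread: an <svg> tag carrying onload=.
PROBE_RE = re.compile(r"<svg/?[^>]*onload=", re.IGNORECASE)

def analyse_request(url: str) -> dict:
    """Report which parameters carry the probe and what 'view' collapses to."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    tainted = sorted(
        name for name, values in params.items()
        if any(PROBE_RE.search(v) for v in values)
    )
    view_raw = params.get("view", [""])[0]
    return {
        "is_probe": bool(tainted),
        "tainted_params": tainted,
        "reflected_view": cmd_filter(view_raw),
    }

def scan_log(lines):
    """Yield (line, report) for each logged URL that matches the probe."""
    for line in lines:
        report = analyse_request(line.strip())
        if report["is_probe"]:
            yield line, report

if __name__ == "__main__":
    # Constructed log: one normal request and one probe.
    log = ["https://site.com/index.php?option=com_content&view=article&id=60",
           SAMPLE_URL]
    for line, report in scan_log(log):
        print(report["tainted_params"], "->", report["reflected_view"])
```

For the probe line this prints `['q', 'redirect_url', 'view'] -> svgonloadconfirmtesting-xss11`, matching the string in the 404 message.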

