Blacklight detected user fields getting logged

Discussion regarding Joomla! 4.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
gnarly
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Nov 20, 2023 7:59 am

Blacklight detected user fields getting logged

Post by gnarly » Sun Mar 24, 2024 10:41 pm

I've tried to make my website "minimal user data" and I tried blacklight on it.
https://themarkup.org/blacklight
my website
https://ukjive.co.uk/index.php
is clean apart from:
On the site you are inspecting, information entered in the name, family-name, given-name fields were logged.
Blacklight detected a script loaded from ukjive.co.uk doing this on this site.

I have done a search on the code and can't find any reference to these fields and it doesn't specify which page it's on.
any ideas where to look? I have turned off autocomplete as I found a reference to this but no change.
Last edited by toivo on Mon Mar 25, 2024 12:18 am, edited 1 time in total.
Reason: mod note: retitled - please read the forum rules about appropriate subject line from https://forum.joomla.org/viewtopic.php?f=8&t=65

gnarly
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Nov 20, 2023 7:59 am

Re: blacklight

Post by gnarly » Sun Mar 24, 2024 10:45 pm

Yes it says "a script" but I've got no response from blacklight so I thought a joomla genius might say "just turn this off".

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44057
Joined: Sat Apr 05, 2008 9:58 pm

Re: blacklight

Post by Webdongle » Sun Mar 24, 2024 10:51 pm

gnarly wrote:
Sun Mar 24, 2024 10:41 pm
I've tried to make my website "minimal user data" and I tried blacklight on it.
https://themarkup.org/blacklight
my website
https://ukjive.co.uk/index.php
is clean apart from:
On the site you are inspecting, information entered in the name, family-name, given-name fields were logged.
Blacklight detected a script loaded from ukjive.co.uk doing this on this site.

I have done a search on the code and can't find any reference to these fields and it doesn't specify which page it's on.
any ideas where to look? I have turned off autocomplete as I found a reference to this but no change.
Treat as hacked is my advice
blacklight 01.JPG
viewtopic.php?f=813&t=988545
or
https://mysites.guru/
You do not have the required permissions to view the files attached to this post.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post Reply

Return to “Security in Joomla! 4.x”