Notice

The forum is in read only mode.

Support Forum

Welcome! Support Forums have been reactivated

Security bugs

1 year 5 months ago
  • Antonio's Avatar
    Topic Author
  • Antonio
  • Offline
  • Fresh Boarder
  • Posts: 13
  • Thank you received: 1
Licenses:
JomSocial Active

I-O-I

1 year 5 months ago
Licenses:

HI, Antonio.

Thank you for contacting us.
I can't replicate this on our site: prntscr.com/hqeapc
URL looks strange, how to you achieve this?
Anyway, that's not a bug or even security issue. Joomla! requirements are openly know: downloads.joomla.org/technical-requirements
Joomla! needs MySQL database/server. And it's easy to determine if you're using Joomla! :)


- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
1 year 5 months ago
  • Antonio's Avatar
    Topic Author
  • Antonio
  • Offline
  • Fresh Boarder
  • Posts: 13
  • Thank you received: 1
Licenses:
JomSocial Active

-`

Attachments:
1 year 5 months ago
Licenses:

HI, Antonio.

Do NOT post login credentials on forum posts - to pass confidential data you need:

1. Edit your first post.
2. Click switch below main text field: prntscr.com/fk3hdg
3. Provide your site details: backend URL, admin credentials and FTP: prntscr.com/fk3hwz
4. Let us know that you provided credentials by posting in the same thread.

I'm sorry but I do not understand that part:

"Next, type the url in the attachments"

What URL? And what "attachments" do you mean?


- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
1 year 5 months ago
  • Antonio's Avatar
    Topic Author
  • Antonio
  • Offline
  • Fresh Boarder
  • Posts: 13
  • Thank you received: 1
Licenses:
JomSocial Active

ok, thank you. now you have my message in the private space

1 year 5 months ago
Licenses:

Hi, Antonio.

But where did you get this URL? Where it is displayed?
It's not a valid URL. It's a mix of html and URL parameters with regular URL.
If you just made it out - then it's random and issue is only result of your "experiment" :)
URL contains search query parameters passed to db. If you pass some random things, mixed code, you may expect error.


- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
1 year 5 months ago
  • Antonio's Avatar
    Topic Author
  • Antonio
  • Offline
  • Fresh Boarder
  • Posts: 13
  • Thank you received: 1
Licenses:
JomSocial Active

I-O-I

1 year 5 months ago
Licenses:
JomSocial Active GURU Expired Publisher Expired AdAgency Expired iSEO Active

This message contains confidential information

Attachments:
1 year 5 months ago
Licenses:

HI, Guys.

Thank you for checking but... this link is not valid.
if it appears somewhere on the site - I need to know where... I mean where I can click something to see that URL.
Not to paste it as URL or search. It need to be somewhere visible.

If it's not, then I'll consider it as a humbug and randomly made by user... and won't bother anymore. Users can type any rubbish in URL :) We can't stop them doing so.


- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
1 year 5 months ago
  • Antonio's Avatar
    Topic Author
  • Antonio
  • Offline
  • Fresh Boarder
  • Posts: 13
  • Thank you received: 1
Licenses:
JomSocial Active

Hi Michel,
The link not appears in somewhere because is a premedit attack of sql to jomsocial and it seems work fine.
The user can type any rubbish in url and the system must filter it avoiding attacks.
If you don't want to see it it's ok but jomsocial has a problem in this query.

The following user(s) said Thank You: Goran
1 year 5 months ago
Licenses:

HI, Antonio.

I rather won't call this "attack" as nothing was included into query or leaked.
Notice about SQL error is nothing :) As I said - Joomla! requirements are publicly known and it's easy to determine that you're using Joomla!
So I really do not understand what you're trying to report here...


- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
Moderators: Piotr Garasiński
Powered by Kunena Forum

Join 180,000 websites creating Amazing communities

JomSocial is the most complete, easy-to-use addon that turns Joomla CMS into a
full -fledged, social networking site

TRY NOW BUY NOW