Warning on security leaks

Questions related to the configuration of Joomla, Templates, and Security related questions/issues
GK User
Sat Mar 22, 2014 3:33 pm
Since I've installed Gavick themes on my webspace, the provider sends me warnings on possible security leaks:
The provider: Antagonist in The Netherlands

My themes installed (both Joomla 3 : Joomla! 3.2.3 Stable [ Ember ] 6-March-2014 14:30 GMT:)
Simplicity
Cloudhost

Warnings:
Joomla Clickjacking vulnerabilities: type XSS Files:
......./templates/gk_simplicity/html/com_users/profile/edit.php
....../templates/gk_cloudhost/html/com_users/profile/edit.php

Highlight plugin susceptible to code injection : Type Code injection Files:
....../templates/gk_simplicity/html/com_finder/search/default_result.php
....../templates/gk_cloudhost/html/com_finder/search/default_result.php

Please advise
Fresh Boarder

GK User
Sat Mar 22, 2014 7:04 pm
Hi,
very strange... they are based on default Joomla files.
If you don't feel comfortable, you don't have to use those files - no problem - just delete or rename them.
I have some suppositions and on Monday I will ask our developer.
Platinum Boarder

GK User
Tue Apr 01, 2014 9:03 pm
I received the same warnings from my host Antagonist. I use Joomla 3.11 and I have the gk_simplicity template installed as well.

Strange warning.



gp6304 wrote: Since I've installed Gavick themes on my webspace, the provider sends me warnings on possible security leaks:
The provider: Antagonist in The Netherlands

My themes installed (both Joomla 3 : Joomla! 3.2.3 Stable [ Ember ] 6-March-2014 14:30 GMT:)
Simplicity
Cloudhost

Warnings:
Joomla Clickjacking vulnerabilities: type XSS Files:
......./templates/gk_simplicity/html/com_users/profile/edit.php
....../templates/gk_cloudhost/html/com_users/profile/edit.php

Highlight plugin susceptible to code injection : Type Code injection Files:
....../templates/gk_simplicity/html/com_finder/search/default_result.php
....../templates/gk_cloudhost/html/com_finder/search/default_result.php

Please advise
Fresh Boarder

GK User
Tue Apr 01, 2014 10:27 pm
Temporarily you can rename those files.
We are still checking it.
Platinum Boarder

GK User
Mon May 12, 2014 10:53 am
Any news on this?

My hoster gives me the same warnings.. For the same files.

kind regards,

Mark.
Fresh Boarder

GK User
Wed May 14, 2014 8:40 am
Yes and no,
because we merged those files and there weren't any "holes/changes".
But I want to make an experiment, and I need access to your Joomla back-end.
Platinum Boarder

GK User
Fri Jul 18, 2014 7:53 am
I've also renamed my files to "close" the warnings from my hosting provider (also Antagonist in NL).
Maybe the discovered files are patched in the source Joomla version?
The provider is using some scripts to check versions.....
Fresh Boarder

GK User
Mon Jul 28, 2014 12:08 pm
snarf007 wrote: I've also renamed my files to "close" the warnings from my hosting provider (also Antagonist in NL).
Maybe the discovered files are patched in the source Joomla version?
The provider is using some scripts to check versions.....


/templates/gk_creativity/html/com_finder/search/default_result.php Nieuw [Joomla] Highlight-plugin vatbaar voor code-injectie Code-injectie Sat Jul 26 2014 03:07:28
/templates/gk_creativity/html/com_users/profile/edit.php Nieuw [Joomla] Clickjacking-kwetsbaarheden XSS Sat Jul 26 2014 03:07:28

Got a quick install of creativity running on http://www.webartik.nl. Can grant access if you still need a sample environment?
Fresh Boarder

GK User
Thu Jul 31, 2014 9:04 pm
I have kind of the same warnings from Antagonist, concerning the Joomla GAME template


[Joomla] Clickjacking-kwetsbaarheden XSS //public_html/templates/gk_game/html/com_users/profile/edit.php

[Joomla] Highlight-plugin vatbaar voor code-injectie Code-injectie //public_html/templates/gk_game/html/com_finder/search/default_result.php

Maybe Antagonist has a strange leak search?
Fresh Boarder

GK User
Thu Sep 11, 2014 1:33 pm
All,
I assume you copied the "overrides" from a previous version of J3. I expect that the provider (Antagonist) is checking and comparing Joomla core files against the current stable version.

Not sure, but that's my guess...
Fresh Boarder
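
The guess in the post above can be checked locally. This added example (not part of the thread, and not Gavick's or Antagonist's code) maps each component override in a template to the core layout it was copied from and reports whether the two still match. It assumes the Joomla 3 layout convention `components/com_x/views/<view>/tmpl/<layout>.php`; the sample tree and file bodies are constructed placeholders.

```python
import filecmp
import os

def core_counterpart(site_root, override_path):
    """Map templates/<tpl>/html/com_x/<view>/<layout>.php to the Joomla 3
    core layout components/com_x/views/<view>/tmpl/<layout>.php."""
    rel = os.path.relpath(override_path, os.path.join(site_root, "templates"))
    parts = rel.split(os.sep)
    if len(parts) != 5 or parts[1] != "html" or not parts[2].startswith("com_"):
        return None  # module overrides, index.php, etc. are out of scope here
    _, _, component, view, layout = parts
    return os.path.join(site_root, "components", component, "views", view, "tmpl", layout)

def audit_overrides(site_root):
    """Return {override path: status}. 'differs' only means the override has
    diverged from the installed core layout and should be diffed by hand."""
    report = {}
    for dirpath, _, files in os.walk(os.path.join(site_root, "templates")):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            core = core_counterpart(site_root, path) if name.endswith(".php") else None
            if core is None:
                continue
            rel = os.path.relpath(path, site_root).replace(os.sep, "/")
            if not os.path.isfile(core):
                report[rel] = "no-core-file"
            else:
                same = filecmp.cmp(path, core, shallow=False)
                report[rel] = "identical" if same else "differs"
    return report

def build_sample_site(root):
    """Constructed sample tree; file bodies are placeholders, not Joomla code."""
    current, old = "<?php // current core layout\n", "<?php // older core layout\n"
    files = {
        "components/com_users/views/profile/tmpl/edit.php": current,
        "components/com_finder/views/search/tmpl/default_result.php": current,
        "templates/gk_simplicity/html/com_users/profile/edit.php": old,
        "templates/gk_simplicity/html/com_finder/search/default_result.php": current,
    }
    for rel, body in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
```

Run `audit_overrides()` against the site root after each Joomla update; a template override legitimately differs where the theme customises markup, so a `differs` result is a prompt to diff the file against the current core layout, not proof of a flaw.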

GK User
Thu Sep 11, 2014 9:51 pm
If you don't feel comfortable with those files, you can delete them; they should not destroy your template appearance.
But of course check first whether there is a new version of the template and use it.

Do not use torrent/warez templates; they almost always have hidden content.
Platinum Boarder

GK User
Fri Sep 12, 2014 8:44 am
Oscar E wrote: If you don't feel comfortable with those files, you can delete them; they should not destroy your template appearance.
But of course check first whether there is a new version of the template and use it.

Do not use torrent/warez templates; they almost always have hidden content.


Will delete the files after backup :)
And torrent/warez isn't my thing. Have a membership!
Fresh Boarder

GK User
Fri Sep 12, 2014 9:55 am
Sure, it was a general warning - info, not for you :)
Platinum Boarder