Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
IOS Hotels
and
IOS Rentals
online booking systems for Elxis CMS.
Home
Help
Login
Register
Elxis CMS Forum
»
General
»
News and announcements
»
Bug reports and fixes
« previous
next »
Print
Pages: [
1
]
Author
Topic: Bug reports and fixes (Read 88534 times)
datahell
Elxis Team
Hero Member
Posts: 10356
Bug reports and fixes
«
on:
September 01, 2010, 19:06:20 »
Bug report:
August 29, 2010 by
psiloscc
on
this post
.
Affects:
For sure Elxis 2009.2, and maybe 2009.1 and prior versions.
Description of the bug:
The "save" button does not get pressed in order to the set the access level of a content item.
Why this happens:
The drop down select box has 2 ID attributes, the first one is wrong and should be deleted.
Solution:
Open file
includes/Core/elxis.php
Go to line 1364 (Elxis 2009.2)
Change this:
if (!preg_match('/id\=/i', $x)) {
To this:
if (!preg_match('/id\=/i', $tag_attribs)) {
Save the file, done!
Note: this fix has been applied on Elxis 2009.3
«
Last Edit: September 20, 2010, 19:03:22 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
Re: Bug reports and fixes
«
Reply #1 on:
September 01, 2010, 19:24:32 »
Bug report:
August 29, 2010 by
psiloscc
on
this post
.
Affects:
For sure Elxis 2009.2, 2009.1, 2009.0 and maybe 2008.x versions too.
Description of the bug:
The navigation does not work properly on the view banner clients page in Elxis administration.
Why this happens:
The value for the form's "task" parameter is empty.
Solution:
Open file
administrator/components/com_banners/admin.banners.html.php
Go to line 357 (Elxis 2009.2)
Change this:
<input type="hidden" name="task" value="" />
To this:
<input type="hidden" name="task" value="listclients" />
Save the file, done!
Note: this fix has been applied on Elxis 2009.3
«
Last Edit: September 20, 2010, 19:03:11 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
HTB22613 - SQL injection vulnerability in Elxis 2009.2
«
Reply #2 on:
September 20, 2010, 18:53:46 »
Vulnerability report
: September 20, 2010 by
High-Tech Bridge
on
this page
.
Affects:
Elxis 2009.2 electra rev2631 and probably prior versions
Description of the vulnerability:
SQL injection vulnerability in Elxis CMS
Why this happens:
sanitize user-supplied input in "id" variable
Solution:
Note:
In order for the SQL injection to be successful the attacker must first gain access to the administration console. So an SQL injection like that from an non logged-in user could never be successful. Besides this here is how to fix this issue. This fix has already been applied to the upcoming version 2009.3.
file:
administrator/components/com_content/admin.content.php
Change lines 25 and 26 from this:
$sectionid =mosGetParam( $_REQUEST, 'sectionid', 0 );
$id = mosGetParam($_REQUEST, 'id', '');
To this:
$sectionid = (int)mosGetParam( $_REQUEST, 'sectionid', 0 );
$id = (int)mosGetParam($_REQUEST, 'id', 0);
«
Last Edit: September 20, 2010, 19:17:12 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
HTB22614 - XSS vulnerability in Elxis 2009.2
«
Reply #3 on:
September 20, 2010, 19:47:04 »
Vulnerability report
: September 20, 2010 by
High-Tech Bridge
on
this page
.
Affects:
Elxis 2009.2 electra rev2631 and probably prior versions
Description of the vulnerability:
XSS vulnerability in Elxis 2009.2
Why this happens:
sanitize user-supplied input in "search" variable
Solution:
Note:
In order for the XSS attack to be successful the site administrator must visit an external phishing web page while he is logged in in Elxis administration.
Advisory:
never visit external pages and especially those that might contain harmful code (javascript) while you are logged-in in sensitive pages.
file:
administrator/components/com_users/admin.users.php
Change lines 111 to 118 from this:
$filter_type = $mainframe->getUserStateFromRequest("filter_type{$option}", 'filter_type', 0 );
$filter_logged = $mainframe->getUserStateFromRequest("filter_logged{$option}", 'filter_logged', 0 );
$filter_enabled = intval($mainframe->getUserStateFromRequest("filter_enabled{$option}", 'filter_enabled', -1));
$filter_expired = intval($mainframe->getUserStateFromRequest("filter_expired{$option}", 'filter_expired', -1));
$limit = $mainframe->getUserStateFromRequest("viewlistlimit", 'limit', $mainframe->getCfg('list_limit'));
$limitstart = $mainframe->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0 );
$search = $mainframe->getUserStateFromRequest("search{$option}", 'search', '' );
$search = $database->getEscaped( eUTF::utf8_trim( eUTF::utf8_strtolower( $search ) ) );
To this:
$filter_type = $mainframe->makesafe(strip_tags($mainframe->getUserStateFromRequest("filter_type{$option}", 'filter_type', 0)));
$filter_logged = intval($mainframe->getUserStateFromRequest("filter_logged{$option}", 'filter_logged', 0));
$filter_enabled = intval($mainframe->getUserStateFromRequest("filter_enabled{$option}", 'filter_enabled', -1));
$filter_expired = intval($mainframe->getUserStateFromRequest("filter_expired{$option}", 'filter_expired', -1));
$limit = intval($mainframe->getUserStateFromRequest("viewlistlimit", 'limit', $mainframe->getCfg('list_limit')));
$limitstart = intval($mainframe->getUserStateFromRequest("view{$option}limitstart", 'limitstart', 0));
$search = $mainframe->makesafe(strip_tags($mainframe->getUserStateFromRequest("search{$option}", 'search', '')));
$search = $database->getEscaped(eUTF::utf8_trim(eUTF::utf8_strtolower($search)));
Note: This fix has been applied on Elxis 2009.3
«
Last Edit: September 20, 2010, 20:47:13 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
HTB22615 - XSS vulnerability in Elxis CMS (contacts)
«
Reply #4 on:
September 20, 2010, 20:39:33 »
Vulnerability report
: September 20, 2010 by
High-Tech Bridge
on
this page
.
Affects:
Elxis 2009.2 electra rev2631 and probably prior versions
Description of the vulnerability:
XSS vulnerability in Elxis 2009.2 (component contacts)
Why this happens:
sanitize user-supplied input in "misc" variable
Solution:
Note:
In order for the XSS attack to be successful the site administrator must visit an external phishing web page while he is logged in in Elxis administration.
Advisory:
never visit external pages and especially those that might contain harmful code (javascript) while you are logged-in in sensitive pages.
Apply the patch attached to this post.
Note: This fix has been applied on Elxis 2009.3
[attachment deleted by admin]
«
Last Edit: September 20, 2010, 20:47:04 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
HTB22616 - XSS vulnerability in Elxis CMS (component modules)
«
Reply #5 on:
September 20, 2010, 22:12:38 »
Vulnerability report
: September 20, 2010 by
High-Tech Bridge
on
this page
.
Affects:
Elxis 2009.2 electra rev2631 and probably prior versions
Description of the vulnerability:
XSS vulnerability in Elxis 2009.2 (component modules)
Why this happens:
sanitize user-supplied input in "title" variable
Solution:
Note:
In order for the XSS attack to be successful the site administrator must visit an external phishing web page while he is logged in in Elxis administration.
Advisory:
never visit external pages and especially those that might contain harmful code (javascript) while you are logged-in in sensitive pages.
Apply the patch attached to this post.
Note: This fix has been applied on Elxis 2009.3
[attachment deleted by admin]
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
Saving user submitted content
«
Reply #6 on:
September 21, 2010, 23:47:12 »
Bug report:
September 21, 2010 by
psiloscc
on
this post
.
Affects:
Elxis 2009.2 and maybe prior versions too.
Description of the bug:
You can not save the user submitted content items.
Why this happens:
The table name has false written as
elx_section
instead of the correct one
elx_sections
.
Solution:
Open file
administrator/components/com_content/admin.content.php
Go to line 995 (Elxis 2009.2)
Change this:
$database->setQuery( "SELECT title FROM #__section WHERE ......
To this:
$database->setQuery( "SELECT title FROM #__sections WHERE ......
Save the file, done!
Note: this fix has been applied on Elxis 2009.3
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
HTB22699 - SQL Injection in Elxis CMS (component polls)
«
Reply #7 on:
November 16, 2010, 19:38:26 »
Vulnerability report:
November 16, 2010 by High-Tech Bridge on
this page
.
Affects:
Elxis 2009.2, 2009.1 and probably prior versions
Description of the vulnerability:
SQL injection vulnerability in Elxis 2009.2 (component polls)
Why this happens:
sanitize HTTP_X_FORWARDED_FOR (can be spoofed)
Solution:
Update to Elxis 2009.3 or do the following:
Open file components/com_poll/poll.php
Find line 98:
} else {
$ipaddress = '';
}
Add bellow:
if ($ipaddress != '') {
if (preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $ipaddress)) {
$parts = preg_split('/\./',$ipaddress);
foreach($parts as $ip_part) {
if (intval($ip_part) > 255 || intval($ip_part) < 0) { $ipaddress = ''; break; }
}
} else {
$ipaddress = '';
}
}
«
Last Edit: November 16, 2010, 19:51:41 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
HTB22700 - SQL injection in Elxis CMS (core)
«
Reply #8 on:
November 16, 2010, 20:01:27 »
Vulnerability report:
November 16, 2010 by High-Tech Bridge on
this page
.
Affects:
Elxis 2009.2, 2009.1 and probably prior versions
Description of the vulnerability:
SQL injection vulnerability in Elxis 2009.2 (core)
Why this happens:
sanitize passoword cookie
Solution:
Update to Elxis 2009.3 or do the following:
Open file
includes/Core/elxis.php
Find line 619:
$username = $this->_db->getEscaped($username);
Add bellow:
$passwd = $this->_db->getEscaped($passwd);
«
Last Edit: November 16, 2010, 20:05:21 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
eForum v1.1 - Arbitary File Upload vulnerability
«
Reply #9 on:
April 07, 2011, 21:17:06 »
I received a vulnerability alert by QSecure and Demetris Papapetrou about
eForum
v1.1 but
it was proved false
. Besides this I modified eForum to strengthen its security even more. Since April 7, 2011
eForum listing on EDC
is updated with this fix.
Vulnerability report
: April 7, 2011 by
QSecure
.
Affects
: Eforum v1.1 downloaded before April 6 2011
Description of the vulnerability
: eForum fails to properly filter dangerous file extensions during file upload (attachments to posts). An attacker can upload a file such as phtml and execute it later on.
Why this happens:
eForum rejects some file extensions (php, dll, exe, etc) but not all. QSecure said that someone could upload a phtml file and execute it later. I replied them that this is wrong as eForum sets permissions 666 on uploaded files and so the uploaded files do not have permissions to be executed. So, this alert is totally wrong and eForum is secure without any patch.
Solution:
You don't need to do anything.
If it makes you feel more secure re-download eForum and patch your existing installation by replacing the existing eforum.php file with the new downloaded one (file: components/com_eforum/eforum.php). In the newer version I reversed the file extension check. eForum now accepts only certain file types (jpg, jpeg, png, gif, wmv, avi, mov, flv, doc, docx, csv, xml, css, js, xls, rtf, ppt, odt, ods, txt, pdf, zip, tar, gz)
«
Last Edit: April 07, 2011, 21:30:17 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
XSS vulnerability report
«
Reply #10 on:
November 23, 2011, 22:00:47 »
Vulnerability report
: November 23, 2011 by
DcLabs
.
Affects:
Elxis 2009.3 rev2681, 2009.2 and probably prior versions
Description of the vulnerability:
Cross-Site Scripting (XSS)
Why this happens:
Insufficient sanitization of REQUEST
Solution:
Download an apply the attached patch package (suitable for both 2009.2/2009.3).
Note that Elxis 2009.3 Aphrodite was patched against this type of attack and you can download the updated package
here
.
The new Elxis 2009.3 Aphrodite revision is 2684.
If you downloaded Elxis 2009.3 after November 23, 2011 you don't need to apply this patch.
[attachment deleted by admin]
«
Last Edit: November 23, 2011, 22:17:56 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
datahell
Elxis Team
Hero Member
Posts: 10356
SQL injection vulnerability report
«
Reply #11 on:
July 14, 2012, 11:08:09 »
Vulnerability report:
July 14, 2012 by
Jon Hounsell
.
Severity:
High
Affects:
Elxis 2009.2, Elxis 2009.3 released before July 14 2012 (revision smaller than 2691), and most probably older Elxis versions 2009.1 and 2009.0
Description of the vulnerability:
SQL injection vulnerability on Search Engines Friendly URLs analyse (file: includes/sef.php)
Why this happens:
Insufficient sanitization of REQUEST_URI
Solution:
Replace existing file
includes/sef.php
with the attached one.
Elxis release at
elxis-downloads.com
was updated with this patch.
Elxis 2009.3 Aphrodite rev2691
is safe against this threat.
Note:
if you have custom rewrite rules on your own sef.php file you must also add them in the attached file. Else the SEF URLs restoration wont work for your custom components.
EDIT 16.07.2012:
Due to a PHP bug on CLI the previous fix did not worked correctly on some servers. I updated the attached patch and the Elxis release with a fix which by-passes this problem.
«
Last Edit: July 16, 2012, 20:10:02 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
General
»
News and announcements
»
Bug reports and fixes