Upgraded to 3.8.10. As soon as I did, hackers from Germany hit com_contact with XSS attacks and [POST:jform] and send multiple emails through this component. I don't even use this component on my site.
No hacking and XSS attack of com_contact
Emails are sent to me using this component, 5 emails every 5 minutes.
PHP 7.0.30
Joomla 3.8.10
At this time I have installed Security Check Pro and it is stripping the XSS attack and stopping this. Won't upgrade any more sites until this is rectified.
Issue closed as stated above. @visualtribe please ask for further help on the forums. This repository concerns in the first place Joomla core coding.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-06-27 18:49:56 |
Closed_By | ⇒ | franz-wohlkoenig |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/20899
This is just spamming; this has been repeatedly investigated recently and there is no exploit.
Just because you don't use com_contact doesn't mean it's not "there" waiting to be used.
Just implement captcha on the forms, or remove your contacts:
https://docs.joomla.org/How_do_you_use_Recaptcha_in_Joomla%3F