All other hack attempts made to the site have been resisted/repulsed by Admin Tools firewall but 2 days ago I found this as an exception description: ATOOLS_LBL_REASON_XSSSHIELD and I cannot find out what it means, or if there is a security hole where that hole is, to enable me to fix it. So in first instance I just need to understand the message better and secondly, if theres a hole that needs fixing?
#24139 ATOOLS_LBL_REASON_XSSSHIELD
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by on Thursday, 11 February 2016 17:20 CST
Friday, 08 January 2016 11:33 CST
austinseven
Friday, 08 January 2016 12:59 CST
dlb
It looks like an untranslated string for a Cross Site Scripting exception. That code was removed from Admin Tools in version 3.6.7. Is this an old record? The XSS code was removed because it gave far too many false positives and the Joomla! code has improved to the point where it wasn't necessary any more, there were other, better defenses.
Anything you see in the Security Exceptions Log has been stopped by Admin Tools. No further action is required for those attacks.
Anything you see in the Security Exceptions Log has been stopped by Admin Tools. No further action is required for those attacks.
Dale L. Brackin
Support Specialist
English: nativePlease keep in mind my timezone and cultural differences when reading my replies. Thank you!
????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)
Monday, 11 January 2016 09:59 CST
austinseven
No not an old record, popped up last week for forst time - hence the question. Thanks for the answer, very good support.
I have a second, related question. An Acunetix scan of the SQL Db suggests there are 2 HTML forms without CSRF protection, although the free Acunetix scan does not tell what forms - how does this happen if I have Admin Tools Pro running with that protection enabled? And more to the point how do I fix this?
Bill
I have a second, related question. An Acunetix scan of the SQL Db suggests there are 2 HTML forms without CSRF protection, although the free Acunetix scan does not tell what forms - how does this happen if I have Admin Tools Pro running with that protection enabled? And more to the point how do I fix this?
Bill
Tuesday, 12 January 2016 08:55 CST
dlb
About your original question regarding the language string, it seems the XSS Shield code was not completely removed in version 3.5.7. Please manually remove the file "plugins/system/admintools/feature/xssshield.php" and that will get rid of it.
Regarding your second question, you can enable the CSRF feature and set it to “Advanced" however you should double check if everything is working, since we’re going to inject a new hidden field in every form and this technique does not work with all extensions.
The Advanced setting of CSRFShield is not foolproof. Core Joomla! forms and most third party extensions won't mind but if an extension does a POST and doesn't filter the input correctly it will break. Virtuemart, for example, is an extension that is known to break with CSRFShield set to Advanced.
Regarding your second question, you can enable the CSRF feature and set it to “Advanced" however you should double check if everything is working, since we’re going to inject a new hidden field in every form and this technique does not work with all extensions.
The Advanced setting of CSRFShield is not foolproof. Core Joomla! forms and most third party extensions won't mind but if an extension does a POST and doesn't filter the input correctly it will break. Virtuemart, for example, is an extension that is known to break with CSRFShield set to Advanced.
Dale L. Brackin
Support Specialist
English: nativePlease keep in mind my timezone and cultural differences when reading my replies. Thank you!
????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)
Thursday, 11 February 2016 17:20 CST
System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.