#33214 Exceptionshandler.php exception for "template= in URL"

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: n/a
PHP version: n/a
Admin Tools version: n/a

Latest post by on Wednesday, 15 July 2020 17:17 CDT

b8fish

observed on site https://inqsec.com/

I have been seeing PHP exceptions being reported from exceptionshandler.php:

Error Code: 403
Error Type: Exception
Message: Oops. Something is wrong.
File: /home/inqsecco/public_html/homej3/plugins/system/admintools/util/exceptionshandler.php
Line: 145
Request: /component/mailto/?tmpl=component&template=js_flow&link=2a9f2b2d96ff9b39484ca917b14ae22f6f4d12a3
Referrer: Direct
Remote: 109.102.111.20 (109.102.111.20)

These occur 3 times in rapid succession (I have "Block after" set to 3), and the IP referenced is recorded in the AdminTools' Security Exceptions log as Reason: template= in URL with the Target URL

https://inqsec.com/component/mailto/?tmpl=component&template=js_flow&link=5d52bd744f9423f1dff1f04edca5dae585c2a8f4

I see line 145 is: throw new Exception($message, 403);

so wondering if this is the expected behavior when detecting this "template=" condition or if it is from an exception in the exception handling.

--

Paul

nicholas
Akeeba Staff
Manager

What you describe is not a bug but the way Admin Tools is supposed to work since Joomla 3.2.

When a request is blocked we throw an Exception. This is caught by Joomla which displays the Joomla error page. That's how Joomla is supposed to display error pages, by catching unhandled exceptions. Apparently something on your site (a plugin or your template) is intercepting the Exceptions and gives you the message you copied here. The rapid succession is irrelevant; that's the attacker probing your site in quick succession and you get one message per blocked request until his IP is automatically blocked.

In any case, if you would like to display a custom page you can of course set Admin Tools, Web Application Firewall, Configure WAF, Customisation, Show errors using a customisable HTML template to Yes and follow the documentation instructions to customise the Admin Tools error page.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
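
The flow described in this reply, as an added sketch that is not Admin Tools' or Joomla's own code: a request filter throws an Exception with code 403, a top-level handler turns it into the error response, and the address is refused outright once it reaches the ticket's "Block after" value of 3. The function names, the query-parameter check, the messages and the sample requests are assumptions made for the illustration.

```php
<?php
// Added illustration only. Every name below is hypothetical.

const BLOCK_AFTER = 3; // the "Block after" value mentioned in the ticket

/** Returns a block reason for the parsed query string, or null if allowed. */
function blockReason(array $query): ?string
{
    // Assumed rule: any "template" parameter supplied in the URL is refused.
    return array_key_exists('template', $query) ? 'template= in URL' : null;
}

/** Filters one request and throws to abort it when it must be blocked. */
function filterRequest(string $ip, string $uri, array &$strikes, array &$log): void
{
    if (($strikes[$ip] ?? 0) >= BLOCK_AFTER) {
        throw new Exception('IP automatically blocked', 403);
    }
    parse_str((string) parse_url($uri, PHP_URL_QUERY), $query);
    $reason = blockReason($query);
    if ($reason !== null) {
        $strikes[$ip] = ($strikes[$ip] ?? 0) + 1;
        $log[] = ['ip' => $ip, 'reason' => $reason, 'url' => $uri];
        throw new Exception('Request blocked', 403);
    }
}

/** Stand-in for the application's top-level handler that renders the error page. */
function handle(string $ip, string $uri, array &$strikes, array &$log): string
{
    try {
        filterRequest($ip, $uri, $strikes, $log);
        return '200 OK';
    } catch (Exception $e) {
        // One error response per blocked request, built from the exception.
        return sprintf('%d %s', $e->getCode(), $e->getMessage());
    }
}

$strikes = [];
$log = [];
// Constructed requests: 192.0.2.10 is a documentation address, the link value a placeholder.
$probe = '/component/mailto/?tmpl=component&template=js_flow&link=PLACEHOLDER';
foreach ([$probe, $probe, $probe, '/index.php'] as $uri) {
    echo handle('192.0.2.10', $uri, $strikes, $log), "\n";
}
echo count($log), " security exceptions logged\n";
```

The fourth request carries no `template` parameter and is still refused, because the address has already reached the block threshold.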

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
