OS Property support center

New version 3.0.6 - Security issue fixed

7 years 3 months ago - 7 years 3 months ago #92020 by Mr. Dam
Today, we received a report about a security issue (SQL injection) in the OS Property extension. The issue is in the layout: Property Listing Layout of the extension.
After spending time checking the issue (using both the mentioned tool sqlmap.org and code review), we found that it is a potential security issue with old versions of OS Property.
One of the sites which was used to test the security issue report is using OS Property version 2.9.2; the other site (a dev site) is using an even older version of OS Property.
If you are using OS Property 3.0.5 or older, please update to the latest version of OS Property (3.0.6) ASAP.

Regards,
OS Property dev team
Last edit: 7 years 3 months ago by Mr. Dam.
The following user(s) said Thank You: Rob Valk, Fulvio

7 years 3 months ago - 7 years 3 months ago #92194 by Napoleon
Replied by Napoleon on topic New version 3.0.6 - Security issue fixed
When I attempt to update, I get the error message shown below. The attached image shows what I'm seeing inside Joomla.
Code:
Warning Error connecting to the server: 403 Error Failed to download package. Download it and install manually from http://joomdonation.com/index.php?option=com_dms&task=download_update_package&document_id=91.

When I manually access the above link, I get a '403 - Invalid Domain' error shown in the 2nd attached image. Note that the link is automatically altered to use https. ' www.joomdonation.com/index.php?option=co...ckage&document_id=91 '

Not sure what's causing this. I'm running this install on a dev server on my LAN and using the latest Firefox browser.
I have also attempted the update on the production server but have the same error.
Last edit: 7 years 3 months ago by Napoleon.

7 years 3 months ago #92203 by Mr. Dam
Replied by Mr. Dam on topic New version 3.0.6 - Security issue fixed
Hi Napoleon,
You should
- Register a Download ID from my site; you can click on the Download ID menu at the top to get the Download ID and enter it in the Configuration page of OS Property
- Publish the plugin: Installer - Upgrade OS Property
before you can run the tool: Direct upgrade from the back-end of your Joomla site.
Thanks
Dam

7 years 3 months ago #92205 by Napoleon
Replied by Napoleon on topic New version 3.0.6 - Security issue fixed
Thanks, it worked. FYI, I got a warning:
Code:
Warning JInstaller: :Install: Can't find XML setup file.

7 years 3 months ago #92206 by Napoleon
Replied by Napoleon on topic New version 3.0.6 - Security issue fixed
FYI: The update reverted all my translation list overrides.

7 years 3 months ago #92769 by Napoleon
Replied by Napoleon on topic New version 3.0.6 - Security issue fixed
Hi Dam,
I see that 3.0.7 is available but I haven't been able to find any information about what has changed from 3.0.6 before I upgrade. Where can I find that information?

7 years 3 months ago #92771 by Mr. Dam
Replied by Mr. Dam on topic New version 3.0.6 - Security issue fixed
Hi Napoleon,
Here is the description of OS Property 3.0.6: osproperty.ext4joomla.com/latest-updates...16-new-version-3-0-6
Thanks
Dam

7 years 3 months ago #92772 by Napoleon
Replied by Napoleon on topic New version 3.0.6 - Security issue fixed
Sorry Dam, I didn't make myself clear.
I would like to find out about the changes in 3.0.7.

7 years 3 months ago #92773 by Mr. Dam
Replied by Mr. Dam on topic New version 3.0.6 - Security issue fixed
Hi Napoleon,
This is the change in OS Property 3.0.7: osproperty.ext4joomla.com/latest-updates...17-new-version-3-0-7
Thanks
Dam
The following user(s) said Thank You: Napoleon

7 years 3 months ago #92776 by Napoleon
Replied by Napoleon on topic New version 3.0.6 - Security issue fixed
Thanks Dam.
However, my language overrides have been overwritten, again. Is there something that can be done about this? It discourages updates.

Moderators: Mr. Dam, Nguyen Phu Quan