Tips and Tricks HQ Forum

Support Forum for Tips and Tricks HQ Products


XSS Attack caused by /wp-cart-for-digital-products/lib/jquery.cookie.js

(5 posts) (3 voices)
  • Started 1 year ago by Jan Michalicka
  • Latest reply from amin007

Tags:

  • estore
  • firewall
  • xss attack
  1. Jan Michalicka
    Member

    Hi, I have installed eStore plugin you send me by email yesterday and my ISP blocked my IP address, because of XSS Attack caused by your plugin. Could you fix it? I don't want to be blocked again.

    Here is log from their firewall:

    Firewall Log:
    ---------
    Sep 6 03:38:04 gvo19362 lfd[22954]: 5 (mod_security) rule triggers from 81.0.207.144 (CZ/Czech Republic/-) in the last 300
    secs - *Blocked in csf*
    ---------
    Error Log :
    ---------
    [Mon Sep 06 03:38:02 2010] [error] [client 81.0.207.144] ModSecurity: Access denied with code 406 (phase 2). Pattern match "
    (?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentf
    older|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|
    ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [ms
    g "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "www.mojeakad
    emie.tv"] [uri "/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.cookie.js"] [unique_id "TISoagyEwT4AAFj3gG0AAAAP
    "]
    ---------
    Mod_sec Rule :
    ---------
    phase:2,capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'C
    ross-site Scripting (XSS) Attack',id:'950004',tag:'WEB_ATTACK/XSS',logdata:'%{TX.0}',severity:'2'"
    SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "(?:\b(?:(?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|applica
    tion\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|o
    n(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|re
    size|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(?:(?:java|vb)script|shell|http)|ivescript)|(?:href|url)\b\W*?\b(?:(?:j
    ava|vb)script|shell)|background-image|mocha):|s(?:(?:tyle\b\W*=.*\bexpression\b\W*|ettimeout\b\W*?)\(|rc\b\W*?\b(?:(?:java|v
    b)script|shell|http):)|a(?:ctivexobject\b|lert\b\W*?\(|sfunction:))|<(?:(?:body\b.*?\b(?:backgroun|onloa)d|input\b.*?\btype\
    b\W*?\bimage)\b| ?(?:(?:script|meta)\b|iframe)|!\[cdata\[)|(?:\.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)
    |\@import)\b)" \
    ---------

    Posted 1 year ago #
  2. amin007
    Key Master

    It seems the problem is caused by an Apache module (mod_security), which possibly makes a conflict with a JavaScript library (jquery.cookie.js), included by eStore. Some hosting companies seem to have slightly inappropriate configuration for the Apache mod_security.

    Anyway, let's disable the JavaScript library in question and see how it goes.

    Can you please open the "wp_eStore1.php" file and search for the following:

    wp_enqueue_script('jquery.cookie',WP_ESTORE_LIB_URL.'/jquery.cookie.js');

    Once you find it, please delete that line and it won't include the jquery cookie library. Let me know how it goes.

    Posted 1 year ago #
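To see why a harmless file name trips this rule, here is an added Python example (not part of the thread, the plugin, or ModSecurity itself) that applies only the last alternation of the 950004 pattern quoted in the first post, together with an approximation of the rule's transformation chain, to a few constructed request paths. The `audit_paths` helper and the sample paths are assumptions made for the example.

```python
import html
import re

# Last alternation of the 950004 XSS pattern quoted in the first post. This is the
# branch that fires on a DOM property/method name such as ".cookie" or ".innerhtml",
# which is why the log reports [data ".cookie"] for the jquery.cookie.js file name.
XSS_FRAGMENT = re.compile(
    r"(?:\.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)|\@import)\b"
)


def modsec_transform(value: str) -> str:
    """Approximate the rule's t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase chain."""
    value = html.unescape(value)          # t:htmlEntityDecode
    value = re.sub(r"\s+", " ", value)    # t:compressWhiteSpace
    return value.lower()                  # t:lowercase


def match_950004_fragment(request_filename: str):
    """Return the token the fragment matches in the (transformed) path, or None."""
    m = XSS_FRAGMENT.search(modsec_transform(request_filename))
    return m.group(0) if m else None


def audit_paths(paths):
    """Map each path that would trip the fragment to the offending token.

    Useful for checking a plugin's static assets before deploying behind a WAF.
    """
    return {p: tok for p in paths if (tok := match_950004_fragment(p))}


# Constructed sample paths: the plugin file from the log plus files that must not match.
SAMPLE_PATHS = [
    "/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.cookie.js",
    "/wp-content/plugins/wp-cart-for-digital-products/wp_eStore1.php",
    "/wp-includes/js/jquery/jquery.js",
    "/assets/js/cookie-consent.js",  # "cookie" without a leading dot: no match
]

if __name__ == "__main__":
    for path, tok in audit_paths(SAMPLE_PATHS).items():
        print(f"{path} -> would trigger 950004 on {tok!r}")
```

Only the `.cookie` file name matches, which is the false positive the thread describes; the other paths pass, so a rename or a rule exclusion scoped to that one URI is enough on the WAF side.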
  3. Jan Michalicka
    Member

    I removed this line and deleted file "jquery.cookie.js".
    It's OK for now. If there are any further problems, I'll let you know.
    Thanks

    Posted 1 year ago #
  4. webenter
    Member

    I used this fix but now the display shopping cart function is not functioning correctly. Did you experience this problem too?

    thanks,

    Jayne

    Posted 1 year ago #
  5. amin007
    Key Master

    This question has been answered here:
    http://www.tipsandtricks-hq.com/forum/topic/estore-has-script-that-triggers-security-rule-and-causes-blocked-ip-addresses

    Posted 1 year ago #
