jumpurl error with typoscript links #9
Comments
Hi @Boa2, do you see any referrer in your log files? The link you mention in the quicklink sections is an external link not providing any jumpurl parameter. And the link you provided with the jumpurl parameter is without a juHash parameter - that's why the exception is thrown. You can find more information about the jumpurl extension in the provided security bulletin TYPO3-CORE-SA-2013-001.
I don't have access to the server logs right now. I will search through them when I'm back in the office in January.
For the above-mentioned error the log file shows a bot:
((IP)) - - [21/Dec/2017:13:56:49 +0100] "GET /forschung-lehre/neues-testament/assistentin-dr-friederike-oertelt.html?jumpurl=http%3A%2F%2Fahs.dabis.cc HTTP/1.1" 500 7976 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)"
Other jumpurl errors seem to be the result of a hack attempt:
Typo3 Log: 10:35:57 [0] --
Logfile:
((IP)) - - [03/Jan/2018:10:35:57 +0100] "GET /start.html?jumpurl=http%3A%2F%2Fwww.eva-leipzig.de%2Fproduct_info.php%3Finfo%3Dp3764_Salutogenese-im-Raum-der-Kirche.html&juHash=1b678655d24024a960bb2808ddabc701f818228699999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x HTTP/1.1" 500 8260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; generic_01_01; YPC 3.2.0; .NET CLR 1.1.4322; yplus 5.3.04b)"
((IP)) - - [03/Jan/2018:10:35:57 +0100] "GET /start.html?jumpurl=http%3A%2F%2Fwww.eva-leipzig.de%2Fproduct_info.php%3Finfo%3Dp3764_Salutogenese-im-Raum-der-Kirche.html&juHash=1b678655d24024a960bb2808ddabc701f8182286%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1 HTTP/1.1" 500 8260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; elertz 2.4.179[128]; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)"
((IP)) - - [03/Jan/2018:10:35:57 +0100] "GET /start.html?jumpurl=http%3A%2F%2Fwww.eva-leipzig.de%2Fproduct_info.php%3Finfo%3Dp3764_Salutogenese-im-Raum-der-Kirche.html&juHash=1b678655d24024a960bb2808ddabc701f8182286%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%27x%27=%27x HTTP/1.1" 500 8260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; elertz 2.4.025; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)"
((IP)) - - [03/Jan/2018:10:35:57 +0100] "GET /start.html?jumpurl=http%3A%2F%2Fwww.eva-leipzig.de%2Fproduct_info.php%3Finfo%3Dp3764_Salutogenese-im-Raum-der-Kirche.html&juHash=1b678655d24024a960bb2808ddabc701f8182286%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%22x%22=%22x HTTP/1.1" 500 8260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; iOpus-I-M; .NET CLR 1.1.4322)"
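A triage sketch for the kind of access-log entries quoted in the comment above, added here as an example and not code from the jumpurl extension or from anyone in this thread: it separates jumpurl requests that carry no juHash (the crawler case) from requests whose juHash has had text appended to it, and keeps the referrer for each. The 40-hex-character juHash format, the function names and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption (not from the extension's code): a juHash is 40 lowercase hex characters.
JUHASH_RE = re.compile(r"[0-9a-f]{40}")
SQL_TOKENS = re.compile(r"\b(union|select|name_const|unhex)\b|--", re.I)
# Combined log format: host ident user [time] "METHOD target PROTO" status size "referrer" "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"')

def classify(target):
    """Verdict for one request target; None when it carries no jumpurl parameter."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "jumpurl" not in query:
        return None
    if "juHash" not in query:
        return "missing_juhash"        # e.g. a crawler replaying a bare jumpurl link
    value = query["juHash"][0]         # parse_qs has already percent-decoded it
    if JUHASH_RE.fullmatch(value):
        return "wellformed_juhash"     # format only; the server still checks the hash itself
    return "sqli_probe" if SQL_TOKENS.search(value) else "malformed_juhash"

def triage(lines):
    """Return one finding per jumpurl request found in access-log lines."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        host, when, target, status, referrer, agent = m.groups()
        verdict = classify(target)
        if verdict:
            findings.append({"verdict": verdict, "host": host, "time": when,
                             "status": int(status), "referrer": referrer, "agent": agent})
    return findings

# Constructed sample lines (documentation IPs and example.org, not copied from the thread).
H = "0123456789abcdef0123456789abcdef01234567"
SAMPLE = [
    '192.0.2.10 - - [21/Dec/2017:13:56:49 +0100] "GET /a.html?jumpurl=http%3A%2F%2Fexample.org HTTP/1.1" 500 7976 "-" "ExampleBot/1.0"',
    f'192.0.2.20 - - [03/Jan/2018:10:35:57 +0100] "GET /start.html?jumpurl=http%3A%2F%2Fexample.org%2F&juHash={H}%22%20union%20select%20version() HTTP/1.1" 500 8260 "-" "Mozilla/4.0"',
    f'192.0.2.30 - - [03/Jan/2018:10:40:00 +0100] "GET /start.html?jumpurl=http%3A%2F%2Fexample.org%2F&juHash={H} HTTP/1.1" 303 0 "http://www.example.org/start.html" "Mozilla/5.0"',
    '192.0.2.40 - - [03/Jan/2018:10:41:00 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["verdict"], f["host"], f["status"], f["referrer"])
```

A `wellformed_juhash` verdict only means the parameter has the expected shape; whether it matches the hash calculated for that jumpurl is still decided by the server.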
Hi @Boa2,
Hi all,
I recently upgraded a TYPO3 6.2 LTS installation to 7.6 LTS and installed jumpurl because direct_mail seems to need it. Since this update the log shows a lot of jumpurl errors:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1359987599: The calculated Jump URL hash ("juHash") did not match the submitted "juHash" query parameter.
Exception thrown in file /.../typo3conf/ext/jumpurl/Classes/JumpUrlHandler.php in line 221.
Requested URL: http://augustana.de/aktuelles/ankuendigungen.html?jumpurl=http%3A%2F%2Fahs.dabis.cc
The link can be reached via a Dropdown in the header of all pages: "Quicklinks/Bibliothekskatalog"
When I click on that link the page opens without problems.
As far as I see those errors occur with links generated via typoscript.
I don't understand what makes those errors occur (since clicking in the frontend works) and how I can prevent them.
Any help appreciated,
Andrea