J! Reactions : Confirmed Spam Exploit

winuser · **Posted:** Thu Aug 16, 2007 6:47 pm

Two Pro Edition users were notified by their service companies that a file in the J! Reactions commenting system was being used to send spam email (apparently French content). The problem has been traced specifically to the langset.php file (which is located in the administrator/components/com_jreactions folder. Build 1.9.0 will fix this problem, but the immediate action is to simply replace the langset.php file. Here it is:

Code:

<?php defined( '_VALID_MOS' ) or die( 'Direct access is prohibited.' );
global $mosConfig_lang;
if (file_exists("$comPath/custom/".$mosConfig_lang.".php")) {
   include("$comPath/custom/".$mosConfig_lang.".php");
} else {
   require("$comPath/custom/english.php");
} ?>

The security issue is caused by the fact that the old file does not check for VALID_MOS. I suggest that all J! Reactions' users (a) un-install the J! Reactions component in the normal manner, (b) double-check that ALL J! Reactions folders on the server are removed after the un-install, and (c) install build 1.9.0 when it is released in a few days. Any existing comment data will be safe in the data tables in the interim.

I apologize for any service interruptions resulting from this exploit. :-[

rliskey · **Posted:** Thu Aug 16, 2007 10:44 pm

Thanks for reporting and for providing clear recovery directions.

Added to the Vulnerable Extensions list here:
http://help.joomla.org/component/option ... temid,268/

Forum rules

J! Reactions : Confirmed Spam Exploit

Quick reply

Who is online