The Joomla! Forum ™
PostPosted: Mon Dec 29, 2008 7:05 am 
Joomla! Apprentice

Joined: Sat Mar 08, 2008 11:20 pm
Posts: 19
Location: Orlando, FL
Hope I'm posting this properly. I went to the security forum, searched on "database", then searched within the results on "jos_core_log_items" and got zero results, so I don't think this problem has been brought up before. Will also post there.

This problem is NOT specific to my implementation of Joomla, but it concerns a vulnerability that could disastrously affect some Joomla users.


Description:
[USER] Give a description of the bug in your own words
The bug allows a third party to gain access to another Joomla site's joomla database.

Reported on:
[USER] Joomla version/build
I am using Joomla 1.5.8, but the problem allowed me to access sites running 1.0.13 and 1.0.15, that I know of. I actually visited a lot of sites to be sure this was not some weird anomaly.

Classification:
[BugSquad] Critical/High/Medium/Low/Enhancement
Because it affects other users' databases, I believe this is critical.

Affected functions:
[USER] Describe the affected functions
Was able to gain access to other sites' MySQL databases, apparently through phpMyAdmin.

Related files:
[USER] List related files when known
Table: jos_core_log_items, although may be possible using other tables. I explain below.

Steps to replicate:
[USER] Give a step-by-step how to replicate the problem
Also provide live URL when available so we can review our selves!
I was casually looking through my database using phpMyAdmin when I got to this table: jos_core_log_items. I clicked on browse to see what kind of things were being logged, and I noted this warning: "No index defined! Create an index on ___ columns "

Not knowing whether I should create the index or not, I decided to research the issue first and see what other users had been told to do.

So I entered this query into Google search: Table: jos_core_log_items

I was presented with a list of what I assumed were similar requests for assistance by other users. When I clicked on one, I was taken directly to that site's database.

I repeated the process several times to be sure that database access was being achieved routinely, and each time I got into the website's database. Each time it was a Joomla database (i.e., jos_banners, jos_users, etc.).



Analysis:
[BugSquad] Confirmed/Unable to confirm/Rejected
Any other comments

I'm sure a hacker could really exploit this seeming vulnerability and do real damage here, so I'm listing this as critical. This may be a phpMyAdmin vulnerability, but since every Google website result I clicked on brought up a Joomla database, I thought you should know.

Proposed fix(es):
[USER] Any possible fixes in code that might provide a solution
Haven't had time to explore. Am reporting this immediately to you.

Topic / Artifact ID:
[USER] Enter the cross reference for topic or artifact id/url when submitted

System info:
[USER] Enter your system info
On LAMP platform, running Joomla 1.5.8, orlandoadvocate.com
PostPosted: Mon Dec 29, 2008 9:38 am 
Joomla! Fledgling

Joined: Sat Dec 29, 2007 10:37 am
Posts: 1
What you are finding in your Google searches are simply unsecured phpMyAdmin installations and nothing to do with Joomla. The reason why you only found Joomla sites in your search is quite simply because you were searching for a database table that only exists in Joomla.
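The reply above makes the practical point: the search hits were phpMyAdmin installs reachable with no authentication at all, and the Joomla table name was just a search key that only Joomla databases carry. The script below is an added example (written for this page; it is not code from the thread, from Joomla or from the phpMyAdmin project) showing the two checks a site owner would want: classify what a probe of your own phpMyAdmin URL returns (web-server auth, phpMyAdmin's own login form, or a bare table listing), and scan access-log lines for search-engine crawlers that were served phpMyAdmin pages, which is how the installs in the thread ended up indexed. The HTML markers, form field names, URL paths, crawler strings and the sample responses and log lines are all assumptions or constructed data; nothing is fetched from the network.

```python
"""Checks for an exposed phpMyAdmin, as discussed in the thread above.

Added example, not code from Joomla or phpMyAdmin. All markers, paths and
sample data below are assumptions/constructed; adjust them to your install.
"""
import re

# Strings assumed to appear in phpMyAdmin pages (check against your version).
PMA_PAGE_MARKERS = ("phpMyAdmin", "pma_navigation", "pmaform")
# Assumed field names of phpMyAdmin's own (cookie-auth) login form.
PMA_LOGIN_MARKERS = ('name="pma_username"', 'name="pma_password"')
# Joomla's default table prefix, the tell-tale used in the thread's search.
JOOMLA_TABLE_RE = re.compile(r"\bjos_[a-z0-9_]+")


def classify_phpmyadmin_response(status, headers, body):
    """Classify the HTTP response to a probe of a phpMyAdmin URL.

    Returns (verdict, joomla_tables), where verdict is one of:
      'absent'         - 404
      'protected'      - 401/403 or an HTTP auth challenge in front of it
      'redirect'       - 3xx (typically off to a login page)
      'login-required' - 200 but phpMyAdmin's own login form
      'not-phpmyadmin' - 200 but not a phpMyAdmin page
      'exposed'        - phpMyAdmin content served with no auth step
    joomla_tables lists any jos_* table names visible in the body.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 404:
        return "absent", []
    if status in (401, 403) or "www-authenticate" in hdrs:
        return "protected", []
    if 300 <= status < 400:
        return "redirect", []
    if status != 200 or not any(m in body for m in PMA_PAGE_MARKERS):
        return "not-phpmyadmin", []
    if any(m in body for m in PMA_LOGIN_MARKERS):
        return "login-required", []
    return "exposed", sorted(set(JOOMLA_TABLE_RE.findall(body)))


# Apache/nginx "combined" log format (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
CRAWLER_UA_RE = re.compile(r"googlebot|bingbot|yandexbot|duckduckbot|baiduspider", re.I)
# Paths assumed to identify a phpMyAdmin install (adjust to your deployment).
PMA_PATH_RE = re.compile(
    r"/(phpmyadmin|pma|mysqladmin)/|/(sql|tbl_sql|db_structure|tbl_structure)\.php", re.I
)


def crawler_hits_on_phpmyadmin(log_lines):
    """Return (ip, path, ua) for every crawler request that was served (200)
    a phpMyAdmin page, i.e. content a search engine could index."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":
            continue
        if CRAWLER_UA_RE.search(m["ua"]) and PMA_PATH_RE.search(m["path"]):
            hits.append((m["ip"], m["path"], m["ua"]))
    return hits


# Constructed sample responses (not captured from any real site).
EXPOSED_BODY = (
    "<html><head><title>localhost / joomla / jos_core_log_items | phpMyAdmin</title>"
    "</head><body><div id='pma_navigation'>"
    "<a href='sql.php?table=jos_users'>jos_users</a>"
    "<a href='sql.php?table=jos_banners'>jos_banners</a></div></body></html>"
)
LOGIN_BODY = (
    '<html><title>phpMyAdmin</title><form>'
    '<input name="pma_username"><input name="pma_password"></form></html>'
)
# Constructed sample access-log lines.
SAMPLE_LOG = [
    '66.249.66.1 - - [28/Dec/2008:10:12:01 +0000] "GET /phpmyadmin/sql.php?db=joomla&table=jos_core_log_items HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '66.249.66.1 - - [28/Dec/2008:10:12:03 +0000] "GET /index.php HTTP/1.1" 200 8800 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.9 - - [28/Dec/2008:10:15:44 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 3000 "-" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.0"',
    '66.249.66.2 - - [28/Dec/2008:10:20:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 401 401 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
]

if __name__ == "__main__":
    print(classify_phpmyadmin_response(200, {}, EXPOSED_BODY))
    print(classify_phpmyadmin_response(200, {}, LOGIN_BODY))
    print(classify_phpmyadmin_response(401, {"WWW-Authenticate": 'Basic realm="pma"'}, ""))
    for hit in crawler_hits_on_phpmyadmin(SAMPLE_LOG):
        print("crawler was served phpMyAdmin:", hit)
```

An `exposed` verdict means anyone, crawlers included, can browse the tables, which is exactly the situation the original poster stumbled on; the fix is outside Joomla (HTTP authentication or an IP allow-list in front of the phpMyAdmin directory, or not exposing it on the public host at all). A `login-required` verdict still merits the same treatment, since phpMyAdmin's login page then becomes a brute-force target.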
PostPosted: Tue Dec 30, 2008 3:24 am 
Joomla! Ace

Joined: Wed Aug 17, 2005 11:06 pm
Posts: 1318
Location: Lithuania
leahshaw, good point here :pop

_________________
Lithuanian Joomla! Community http://www.lithuanianjoomla.com
Lithuanian Joomla! site: news, articles, forum, translations
always be open source, and be free as freedom