The Joomla! Forum ™



Posted: Thu Aug 25, 2005 2:32 pm
Joomla! Apprentice

Joined: Thu Aug 18, 2005 6:57 pm
Posts: 26
Location: Chicago Suburbs, Illinois, USA
I apologize if this has been discussed before, but I ran across this today and am looking for more information on it.  Any help would be appreciated.

Quote:
The following exploit code will retrieve the administrative password of the Mambo product by exploiting an SQL injection vulnerability in the product.

Details
Vulnerable Systems:
* Mambo version 4.5.2.1 with MySQL version 4.x

Exploit:

Mambo 4.5.2.1 + mysql 4.1 > fetch password hash by pokleyzz
*content rating using sub query to select from mos_users

Requirement:

PHP 4.x with curl extension

Description:

The problem occurs because the $user_rating variable is not properly sanitized for use in the SQL query for the UPDATE statement.


http://www.securiteam.com/exploits/5BP0F2KG0G.html

Thanks,

Conor


Posted: Thu Aug 25, 2005 3:09 pm
Joomla! Ace

Joined: Thu Aug 18, 2005 8:57 am
Posts: 1381
Location: Shrewsbury, Shropshire, United Kingdom
I believe this was fixed in Mambo 4.5.2.3.

Regards,
Chris.

_________________
Chris Davenport - Joomla Production Leadership Team

Lion Coppice http://www.lioncoppice.org/
Davenport Technology Services http://www.davenporttechnology.com/


Posted: Thu Aug 25, 2005 3:17 pm
Joomla! Guru

Joined: Fri Aug 19, 2005 3:36 pm
Posts: 618
I would very much like to know what Mambo file(s) have to be updated to eliminate this exploit.

I have two Mambo installations which are still 4.5.2.1 and for several reasons I can't update them completely to 4.5.2.3. But if this could be fixed by just updating one or maybe more files I really would like to do it!


Posted: Thu Aug 25, 2005 3:25 pm
Joomla! Apprentice

Joined: Thu Aug 18, 2005 6:57 pm
Posts: 26
Location: Chicago Suburbs, Illinois, USA
Chris Davenport wrote:
I believe this was fixed in Mambo 4.5.2.3.


Thanks Chris.  I appreciate the quick response.

Conor


Posted: Sun Aug 28, 2005 1:26 am
Joomla! Guru

Joined: Fri Aug 19, 2005 3:36 pm
Posts: 618
Yakomo wrote:
I would very much like to know what Mambo file(s) have to be updated to eliminate this exploit.

I have two Mambo installations which are still 4.5.2.1 and for several reasons I can't update them completely to 4.5.2.3. But if this could be fixed by just updating one or maybe more files I really would like to do it!


Anyone?


Posted: Mon Aug 29, 2005 1:02 pm
Joomla! Apprentice

Joined: Thu Aug 18, 2005 6:57 pm
Posts: 26
Location: Chicago Suburbs, Illinois, USA
I'm still a mambo newbie myself, but if no one responds to this post, you should be able to go through the changelogs and find the changes.  A tedious process for sure, but should work...

Conor


Posted: Thu Sep 01, 2005 4:49 am
Joomla! Hero

Joined: Fri Aug 12, 2005 2:45 am
Posts: 2265
Location: Brisbane, Australia
Yes, this exploit was fixed in 4.5.2.3

The patch file is available here:
http://www.opensourcematters.org/index. ... &Itemid=30

It's a cumulative patch so it will upgrade 4.5.2.0|.1|.2 or 4.5.2.3

Hope this helps.

_________________
Andrew Eddie - Tweet @AndrewEddie
<><
http://learn.theartofjoomla.com - Expert videos and tutorials.
http://www.kiva.org/team/joomla - Got Joomla for free? Pay it forward and help fight poverty.


Posted: Thu Sep 01, 2005 10:07 am
Joomla! Guru

Joined: Fri Aug 19, 2005 3:36 pm
Posts: 618
masterchief wrote:
Yes, this exploit was fixed in 4.5.2.3

The patch file is available here:
http://www.opensourcematters.org/index. ... &Itemid=30

It's a cumulative patch so it will upgrade 4.5.2.0|.1|.2 or 4.5.2.3

Hope this helps.


I have two sites which are still 4.5.2.1 and for several reasons I can not apply the whole patch to them. Is there a way to JUST fix this exploit and not apply the whole patch by f.ex. overwriting/updating only one file?


Posted: Thu Sep 01, 2005 11:49 am
Joomla! Hero

Joined: Fri Aug 12, 2005 2:45 am
Posts: 2265
Location: Brisbane, Australia
Yakomo wrote:
Is there a way to JUST fix this exploit and not apply the whole patch by f.ex. overwriting/updating only one file?

Yes.  You could install the patch in a local temp folder and then use a diff program (on Windows, Beyond Compare, see http://www.scootersoftware.com) to compare the patch with the files on your site via ftp.  But there are multiple exploits in multiple files...so the easiest thing is just to back up the file system and database, then ftp the files over the top of the existing ones.

_________________
Andrew Eddie - Tweet @AndrewEddie
<><
http://learn.theartofjoomla.com - Expert videos and tutorials.
http://www.kiva.org/team/joomla - Got Joomla for free? Pay it forward and help fight poverty.
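
The comparison suggested in the last reply (unpack the patch locally, then diff it against a copy of the site) can be scripted. This is an added example, not part of the original thread or of Mambo/Joomla; it assumes the site files have already been downloaded to a local folder, and the directory and file names in the demo are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file's bytes (CMS source files are small enough to read whole)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def files_to_update(patch_dir, site_dir):
    """Classify each file shipped in the patch as changed/missing/same on the site.
    Site-only files (local configuration, uploads) are not reported."""
    patch_root, site_root = Path(patch_dir), Path(site_dir)
    report = {}
    for patched in sorted(p for p in patch_root.rglob("*") if p.is_file()):
        rel = patched.relative_to(patch_root)
        current = site_root / rel
        if not current.is_file():
            status = "missing"   # new file introduced by the patch
        elif file_digest(patched) != file_digest(current):
            status = "changed"   # candidate for review and replacement
        else:
            status = "same"
        report[rel.as_posix()] = status
    return report


def build_demo_trees(base):
    """Constructed sample trees; file names are placeholders, not Mambo's file list."""
    files = {
        "site/index.php": "<?php // unchanged\n",
        "site/components/com_example/example.php": "<?php // old\n",
        "site/configuration.php": "<?php // local settings\n",
        "patch/index.php": "<?php // unchanged\n",
        "patch/components/com_example/example.php": "<?php // fixed\n",
        "patch/includes/new_helper.php": "<?php // new in patch\n",
    }
    for rel, body in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return Path(base) / "patch", Path(base) / "site"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, status in files_to_update(*build_demo_trees(tmp)).items():
            print(f"{status:8} {name}")
```

Files reported as "changed" may also carry local modifications on the site side, so each one is worth opening in a diff viewer before it is overwritten.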

