[FIXED in 1.0.10] SQL Injection vulnerability Joomla! 1.0.9 Stable

[gdwoods]

Sure does, and works like a charm. Thanks!

[ddmobley]

Which one? The fix from the last post, or the one from post #36? #36 should work. You need to save the weblinks that have backslashes again though, without the backslashes...

Can you tell me if your fix corrects the weblinks display in the administration control panel?  There is no weblinks class file in the admin interface, so I would think the display in the admin control panel would still display them incorrectly, unless I am wrong on this.

[friesengeist]

Can you tell me if your fix corrects the weblinks display in the administration control panel?  There is no weblinks class file in the admin interface, so I would think the display in the admin control panel would still display them incorrectly, unless I am wrong on this.

The class file in /components/weblinks/weblinks.class.php is also used for the administrator part of your website. No need to duplicate code
But as said before, it only comes to work when you resave weblink items without the backslashes in it. They won't go away magically

[Umbungo]

Hi everyone
I'm using the jDownloads component in Legacy mode on my Joomla 1.5.9 website.
Having found the website to be running extreemly slowly I installed SSRRN Free Anti-Hacker for joomla 1.5 and it sent me tons of emails with the following :

IP Address: 74.6.18.254
URL: http://www.vaultfiles.com/index.php
Referer (if any): http://www.vaultfiles.com
Query String: option=com_jdownloads&Itemid=1&task=view.download&cid=203
Violation: Injection - [0]

each mail contained a different IP adress and the Query String had different cid numbers on the end, when I restored the SQL to an earlier version I found the website to run smoothly again.

I'm very novice at SQL Query and I have informed 'Arno' (creator of jDownloads) of the issue, but I'm sure he hasn't had time to see my post yet.

Can any one help me get to the bottom of whats causing this, I have seen similer catid code within jDownloads that similer to whats mentions on page three of this forum post.

infograf768 - I have seen so many of your posts in the past and they have been of great help to me, you are a Joomla star.

A note on hackers, I personally think that hacking should be recognised as a mental disorder, people that do so are not mentally equipted to be proper members of society and should get the mental care they need to help them reform back in to society, I feel very sorry for such individuals as I'm sure they are unaware of just how sad it is to hack a website.

[infograf768]

I suggest you save your time by forgetting about Joomla 1.0.x outdated and not maintained any more version.
Use 1.5.23, or 1.7.0

[mandville]

topic locked due to age