File Includer - PHP Injection

Posted: Mon Nov 19, 2007 4:57 pm
by rgv151
File Includer -Increase Performance, GZIP CSS & JS - http://extensions.joomla.org/component/ ... Itemid,35/

This tool has a PHP Injection vulnerability; please remove it before you get hacked!

For more info, follow this link:
http://www.domain.com/path_to_script/fi ... t/test.txt

The test.txt contains:

Re: File Includer - PHP Injection

Posted: Mon Nov 19, 2007 6:08 pm
by infograf768
Thanks for the warning.

For the moment, we have taken this file off JED, and also a component by the same developer that uses that file, com_configeditor.

Re: File Includer - PHP Injection

Posted: Mon Nov 19, 2007 9:49 pm
by joomborg
com_juser and com_jjgallery have an RFI vulnerability as well;
exploits were published yesterday and a few days ago.

I guess this explains the recent rush of hacked sites...

Re: File Includer - PHP Injection

Posted: Mon Nov 19, 2007 11:03 pm
by LorenzoG
Thanks Joomborg for your report. It's appreciated!

We have unpublished JUser and Carousel Flash Image Gallery extensions and we have notified the developers.

Re: File Includer - PHP Injection

Posted: Mon Nov 19, 2007 11:09 pm
by pe7er
[MOD note: moving to 3rd party/Non Joomla! Security Issues]

Re: File Includer - PHP Injection

Posted: Tue Nov 20, 2007 8:42 pm
by LorenzoG
The developer of Carousel Flash Image Gallery has now upgraded their component and they have also released a security patch.

Re: File Includer - PHP Injection

Posted: Tue Nov 27, 2007 8:39 am
by LorenzoG
The developer of Juser says that this vulnerability has been fixed in their latest version of Juser 2.0.1 RC.

Re: File Includer - PHP Injection

Posted: Wed Jan 28, 2009 4:43 pm
by Umbungo
Hi there
Can anyone here perhaps give me some advice as to this warning message I received from jDefender?

My site has been attacked a lot recently, and I got this after reinstalling it yesterday:

---------------------------------------------
 TYPE:     PHP injection
 IP:       38.100.41.105
 USER:     [0] 
 REFERER:  
 GET:      Array
(
    [format] => feed
    [type] => rss
    [path] => <b>/</b>
)

 POST:     Array
(
    [path] => <b>/</b>
)

 COOCKIE:  Array
(
    [8059b43f35c1d36e0e0a1b138ddf6d60] => bqf2pa7itviuilhndabrojij65
    [path] => <b>/</b>
)

---------------------------------------------
My config is:
PHP Version 5.2.6
Linux fhlinux141
Joomla 1.5.9
Extensions:
mod_ninjasifr
mod_yoo_carousel
mod_yoo_login
mod_yoo_search
mod_yoo_toppanel
plg_rokbox-content
plg_rokbox-system

com_jdefender
plg_badbehaviour
plg_jdefender
plgSystemJSecure
RokBridge with PHPBB3

Theme = yoo evolution

The website has been set to offline since the reinstall; the sheer relentlessness of the attacks and the amount of work lost has really upset me now.
The above message may be nothing, I'm not sure; I just need a little advice before I move the site back over and set Joomla online again.