[fix provided] com_simplefaq vunerabilities...

Stickymaddness · **Joined:** Wed Mar 14, 2007 10:35 am **Posts:** 6

This is already a few days old, but I haven't seen anything about it here, so I thought I'd post it...

Originally published as a mambo exploit, the simplefaq component for joomla is also vulnerable to the following attack,

Hence I urge everyone using simplefaq to either update to the latest version or uninstall it.

Hope I'm saving some people from getting defaced here....

moderator note: Thanks for the heads up, though please don't post exploitable hacks on the forum please. Thanks for understanding.

infograf768 · **Posted:** Thu Aug 23, 2007 7:20 am

Moving to 3rd Party/Non Joomla! Security Issues.

PhilTaylor-Prazgod · **Posted:** Thu Aug 23, 2007 8:33 am

infograf768 wrote:

Moving to 3rd Party/Non Joomla! Security Issues.

as moderator you should also remove working proof of hack concepts right???

I'll click the report button now.....

Tonie · **Joined:** Thu Aug 18, 2005 7:13 am **Posts:** 13255

Thanks, I've removed the proof of concept.

Tonie · **Joined:** Thu Aug 18, 2005 7:13 am **Posts:** 13255

It is actively developed from the developers here: http://www.parkviewconsultants.com/. The current version is 2.40, whereas the vulnerable version is marked down as 2.11. Don't know if the latest version also has this vulnerability.

Stickymaddness · **Joined:** Wed Mar 14, 2007 10:35 am **Posts:** 6

afaik, v2.40 is not vulnerable to this attack.

infograf768 · **Posted:** Thu Aug 23, 2007 10:18 am

PhilTaylor-Prazgod wrote:

infograf768 wrote:

Moving to 3rd Party/Non Joomla! Security Issues.

as moderator you should also remove working proof of hack concepts right???

I'll click the report button now.....

Yep, I usually do. Forgot this time...

Stickymaddness · **Joined:** Wed Mar 14, 2007 10:35 am **Posts:** 6

Correction,

v2.40 IS vulnerable to this attack!

aravot · **Posted:** Fri Aug 24, 2007 8:00 pm

Version 2.50 with a fix is released http://www.parkviewconsultants.com/content/view/38/45/

infograf768 · **Posted:** Sat Aug 25, 2007 11:55 am

Thanks Aravot, marking the thread as solved and changing title to fix provided.

Shart · **Joined:** Tue Jul 11, 2006 6:06 am **Posts:** 3

aravot wrote:

Version 2.50 with a fix is released http://www.parkviewconsultants.com/content/view/38/45/

When I check that link I think this problem is not solved or your site is hacked or there is some other problem? There are many Warnings message when I try this link?

I think you fix this quickly.

Regards,

Shart

ps. there is image what I see when I try that link

infograf768 · **Posted:** Mon Aug 27, 2007 6:51 am

That site has indeed been cracked.

rtenny · **Posted:** Wed Sep 26, 2007 9:56 am

infograf768 wrote:

That site has indeed been cracked.

If I open the site to download the update I get a Virus waring
HTML/Infected.WebPage.Gen - Malware

This ofcourse does make me wonder if I should use that product at all.

Joomla! Discussion Forums

[fix provided] com_simplefaq vunerabilities...

Quick reply

Who is online