The Joomla! Forum ™





PostPosted: Thu Aug 23, 2007 7:13 am 
Joomla! Apprentice

Joined: Wed Mar 14, 2007 10:35 am
Posts: 7
This is already a few days old, but I haven't seen anything about it here, so I thought I'd post it...

Originally published as a Mambo exploit, the simplefaq component for Joomla is also vulnerable to the following attack,

Hence I urge everyone using simplefaq to either update to the latest version or uninstall it.

Hope I'm saving some people from getting defaced here.... ;)

Moderator note: Thanks for the heads up, though please don't post exploitable hacks on the forum. Thanks for understanding.

_________________
"lmao...yeah..right...like there will ever be a market for personal computing...."


Last edited by infograf768 on Sat Aug 25, 2007 11:54 am, edited 1 time in total.

PostPosted: Thu Aug 23, 2007 7:20 am 
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16630
Location: **Translation Matters**
Moving to  3rd Party/Non Joomla! Security Issues.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


PostPosted: Thu Aug 23, 2007 8:33 am 
Joomla! Ace

Joined: Sat Aug 20, 2005 12:32 pm
Posts: 1109
Location: Weymouth, UK
infograf768 wrote:
Moving to  3rd Party/Non Joomla! Security Issues.


As moderator, you should also remove working proof of hack concepts, right???

I'll click the report button now.....

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/


PostPosted: Thu Aug 23, 2007 8:53 am 
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16285
Thanks, I've removed the proof of concept.

_________________
Joomla forum global moderator.

Take care


PostPosted: Thu Aug 23, 2007 9:16 am 
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16285
It is actively developed by the developers here: http://www.parkviewconsultants.com/. The current version is 2.40, whereas the vulnerable version is marked down as 2.11. Don't know if the latest version also has this vulnerability.

PostPosted: Thu Aug 23, 2007 9:19 am 
Joomla! Apprentice

Joined: Wed Mar 14, 2007 10:35 am
Posts: 7
afaik, v2.40 is not vulnerable to this attack.

PostPosted: Thu Aug 23, 2007 10:18 am 
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16630
Location: **Translation Matters**
PhilTaylor-Prazgod wrote:
infograf768 wrote:
Moving to  3rd Party/Non Joomla! Security Issues.


As moderator, you should also remove working proof of hack concepts, right???

I'll click the report button now.....


Yep, I usually do. Forgot this time...

PostPosted: Thu Aug 23, 2007 1:57 pm 
Joomla! Apprentice

Joined: Wed Mar 14, 2007 10:35 am
Posts: 7
Correction,

v2.40 IS vulnerable to this attack!

PostPosted: Fri Aug 24, 2007 8:00 pm 
Joomla! Ace

Joined: Thu Aug 18, 2005 1:16 am
Posts: 1010
Location: Glendale, CA, USA
Version 2.50 with a fix is released http://www.parkviewconsultants.com/content/view/38/45/

_________________
http://www.virtuemart-extensions.com


PostPosted: Sat Aug 25, 2007 11:55 am 
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16630
Location: **Translation Matters**
Thanks Aravot, marking the thread as solved and changing title to fix provided.

PostPosted: Sat Aug 25, 2007 3:31 pm 
Joomla! Apprentice

Joined: Tue Jul 11, 2006 6:06 am
Posts: 42
aravot wrote:
Version 2.50 with a fix is released http://www.parkviewconsultants.com/content/view/38/45/


When I check that link, I think this problem is not solved, or your site is hacked, or there is some other problem? There are many warning messages when I try this link.

I think you fix this quickly.

Regards,

Shart

P.S. Here is an image of what I see when I try that link.



_________________
Sami Haaranen
Language Coordinator of the Finnish (fi-FI) Joomla! Translation Team
http://www.joomla.fi


Last edited by Shart on Sat Aug 25, 2007 4:18 pm, edited 1 time in total.

PostPosted: Mon Aug 27, 2007 6:51 am 
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16630
Location: **Translation Matters**
That site has indeed been cracked.  ???

PostPosted: Wed Sep 26, 2007 9:56 am 
Joomla! Apprentice

Joined: Sun Nov 19, 2006 10:09 pm
Posts: 27
Location: Spain
infograf768 wrote:
That site has indeed been cracked.  ???


If I open the site to download the update I get a virus warning:
HTML/Infected.WebPage.Gen - Malware

This of course does make me wonder if I should use that product at all.

