File Includer - PHP Injection
- rgv151
- Joomla! Fledgling
- Posts: 2
- Joined: Mon Nov 19, 2007 4:50 pm
- Location: Vietnam
- Contact:
File Includer - PHP Injection
File Includer -Increase Performance, GZIP CSS & JS - http://extensions.joomla.org/component/ ... Itemid,35/
This tool has a PHP Injection vul, please remove it before you've been hacked!
For more info, follow this link:
http://www.domain.com/path_to_script/fi ... t/test.txt
The test.txt contains:
Last edited by rgv151 on Mon Nov 19, 2007 5:19 pm, edited 1 time in total.
You are not 555, but I am 666 \m/
- infograf768
- Joomla! Master
- Posts: 19133
- Joined: Fri Aug 12, 2005 3:47 pm
- Location: **Translation Matters**
Re: File Includer - PHP Injection
Thanks for the warning.
We took off for the moment from JED this file and also a component by the same developer using that file, com_configeditor
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
-
- I've been banned!
- Posts: 79
- Joined: Wed Jun 20, 2007 7:29 am
- Location: ZhongGuo
Re: File Includer - PHP Injection
com_juser and com_jjgallery have RFI vulnerability as well,
exploits published yesterday and a few days ago.
I guess this explains the recent rush of hacked sites...
- LorenzoG
- Joomla! Hero
- Posts: 2983
- Joined: Fri Aug 19, 2005 8:46 am
- Location: Stockholm, Sweden
Re: File Includer - PHP Injection
Thanks Joomborg for your report. It's appreciated!
We have unpublished JUser and Carousel Flash Image Gallery extensions and we have notified the developers.
Industributik - http://www.industributiken.se
- pe7er
- Joomla! Master
- Posts: 24985
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: File Includer - PHP Injection
[MOD note: moving to 3rd party/Non Joomla! Security Issues]
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
- LorenzoG
- Joomla! Hero
- Posts: 2983
- Joined: Fri Aug 19, 2005 8:46 am
- Location: Stockholm, Sweden
Re: File Includer - PHP Injection
The developer of Carousel Flash Image Gallery has now upgraded their component and they have also released a security patch.
Industributik - http://www.industributiken.se
- LorenzoG
- Joomla! Hero
- Posts: 2983
- Joined: Fri Aug 19, 2005 8:46 am
- Location: Stockholm, Sweden
Re: File Includer - PHP Injection
The developer of Juser says that this vulnerability has been fixed in their latest version of Juser 2.0.1 RC.
Industributik - http://www.industributiken.se
- Umbungo
- Joomla! Apprentice
- Posts: 47
- Joined: Fri Apr 11, 2008 8:11 am
Re: File Includer - PHP Injection
Hi there
Can anyone here perhaps give me some advice as to this warning message I received from jDefender?
My site has been attacked a lot recently, and I got this after reinstalling it yesterday:
---------------------------------------------
TYPE: PHP injection
IP: 38.100.41.105
USER: [0]
REFERER:
GET: Array
(
    [format] => feed
    [type] => rss
    [path] => <b>/</b>
)
POST: Array
(
    [path] => <b>/</b>
)
COOCKIE: Array
(
    [8059b43f35c1d36e0e0a1b138ddf6d60] => bqf2pa7itviuilhndabrojij65
    [path] => <b>/</b>
)
---------------------------------------------
My config is:
PHP Version 5.2.6
Linux fhlinux141
Joomla 1.5.9
Extensions:
mod_ninjasifr
mod_yoo_carousel
mod_yoo_login
mod_yoo_search
mod_yoo_toppanel
plg_rokbox-content
plg_rokbox-system
com_jdefender
plg_badbehaviour
plg_jdefender
plgSystemJSecure
RokBridge with PHPBB3
Theme = yoo evolution
The website has been set to offline since the reinstall; the sheer relentlessness of the attacks and the amount of work lost has really upset me now.
The above message may be nothing, I'm not sure. I just need a little advice before I move the site back over and set Joomla online again.