security issue in DemoCompUpdate component
- carsten888
- Joomla! Ace
- Posts: 1224
- Joined: Sat Feb 11, 2006 8:32 am
security issue in DemoCompUpdate component
In the download on this page
http://docs.joomla.org/Managing_Compone ... 6_-_Part_1
the var 'controller' can be manipulated to include other files in democompupdate.php.
If someone were to take this demo code as a base for an extension, it would be a vulnerability waiting to be abused.
http://www.pages-and-items.com my extensions:
User-Private-Page, Redirect-on-Login, Admin-Help-Pages, Dynamic-Menu-Links, Admin-Menu-Manager, plugin load module in article, plugin pure css tooltip and more...
- Chris Davenport
- Joomla! Ace
- Posts: 1370
- Joined: Thu Aug 18, 2005 8:57 am
- Location: Shrewsbury, Shropshire, United Kingdom
Re: security issue in DemoCompUpdate component
Thanks for the report. Please feel free to correct it.
Chris.
Chris Davenport
Davenport Technology Services http://www.davenporttechnology.com/
Lion Coppice http://www.lioncoppice.org/
- carsten888
- Joomla! Ace
- Posts: 1224
- Joined: Sat Feb 11, 2006 8:32 am
Re: security issue in DemoCompUpdate component
Code:
// Require specific controller if requested
// The 'controller' value comes straight from the request; only file_exists()
// decides which file ends up in require_once, so a crafted value can pull in
// a file the component never intended to load.
if ( $controller = JRequest::getVar( 'controller' ) )
{
    $path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
    if ( file_exists( $path ) ) { require_once $path; }
    else { $controller = ''; }
}
// Create the controller
$classname = 'DemocompupdateController'.ucfirst($controller);
$controller = new $classname( );
Code:
// This component ships a single controller, so instantiate it directly and
// never let request data choose the file or the class name
$controller = new DemocompupdateController( );
- Joomla! Apprentice
- Posts: 24
- Joined: Mon Dec 31, 2012 12:21 pm
Re: security issue in DemoCompUpdate component
Hello carsten888,
I am new to Joomla, and eager to know how it is a vulnerability. The code you have suggested is not a substitute for what is written above. What should we do if we use your code in the controller and want to use multiple controllers for different purposes?
thanks
- Joomla! Apprentice
- Posts: 24
- Joined: Mon Dec 31, 2012 12:21 pm
Re: security issue in DemoCompUpdate component
I used the same code whenever I made a custom component, so I want to know how it is a vulnerability so that I can also make secure custom components in future.
thanks
- carsten888
- Joomla! Ace
- Posts: 1224
- Joined: Sat Feb 11, 2006 8:32 am
Re: security issue in DemoCompUpdate component
@ashwani1489
yes, that code does not do the same. This component only has 1 controller, so that is the safest way to do that.
For how to deal with more than one controller read the tut here:
http://docs.joomla.org/Developing_a_Mod ... _-_Part_02
o, shoot, I just noticed that is not in the tut.
replace with:
Code:
// Require specific controller if requested
// Original version: the request value alone selects the file to include
if ( $controller = JRequest::getVar( 'controller' ) )
{
    $path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
    if ( file_exists( $path ) ) { require_once $path; }
    else { $controller = ''; }
}
// Create the controller
$classname = 'DemocompupdateController'.ucfirst($controller);
$controller = new $classname( );
Code:
// Require specific controller if requested
// Fixed version: the value must also appear in a fixed list of controller
// names the component ships, so request data can only pick one of those files
if ( $controller = JRequest::getVar( 'controller' ) )
{
    $path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
    $allowed_controllers = array('items', 'categories');//specify here all allowed controllers
    if ( file_exists( $path ) && in_array($controller, $allowed_controllers)) { require_once $path; }
    else { $controller = ''; }   // anything else falls back to the default controller
}
// Create the controller
$classname = 'DemocompupdateController'.ucfirst($controller);
$controller = new $classname( );
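To make the difference between the two dispatchers above observable without a Joomla install, here is an added, stand-alone PHP example; it is not code from the DemoCompUpdate component or from anyone in this thread. Joomla's JRequest::getVar(), JPATH_COMPONENT and DS are replaced by function parameters and DIRECTORY_SEPARATOR (an assumption made so the script runs on its own), and the component layout is constructed in a temporary directory: one legitimate controller file, plus a file one level up that the dispatcher must never load.

```php
<?php
// Added example: plain-PHP reconstruction of the original and the allowlisted
// dispatcher from this thread. Not part of the DemoCompUpdate component.
// Joomla's JRequest/JPATH_COMPONENT/DS are stand-ins here (assumption).

// Default controller, used when no acceptable controller is requested; in the
// real component this class lives in controller.php.
class DemocompupdateController
{
    public function display(): string
    {
        return 'default controller';
    }
}

// Original behaviour: the request value is spliced straight into the path and
// only file_exists() decides whether it would be included.
function naiveControllerPath(string $controllersDir, string $controller): ?string
{
    $path = $controllersDir . DIRECTORY_SEPARATOR . $controller . '.php';
    return file_exists($path) ? $path : null;
}

// Hardened behaviour (the allowlist from the thread): the value must be one of
// the controller names the component ships, compared strictly, before it may
// influence any file name. The file must also exist, as in the thread's code.
function safeControllerPath(string $controllersDir, string $controller, array $allowed): ?string
{
    if (!in_array($controller, $allowed, true)) {
        return null;
    }
    $path = $controllersDir . DIRECTORY_SEPARATOR . $controller . '.php';
    return is_file($path) ? $path : null;
}

// Same flow as the component's entry point: include the controller file if the
// name is acceptable, otherwise fall back to the default controller.
function dispatch(string $controllersDir, string $requested, array $allowed): string
{
    $path = safeControllerPath($controllersDir, $requested, $allowed);
    if ($path === null) {
        $requested = '';          // unknown or disallowed -> default controller
    } else {
        require_once $path;
    }
    $classname = 'DemocompupdateController' . ucfirst($requested);
    $controller = new $classname();
    return $controller->display();
}

// --- constructed component layout in a temporary directory ------------------
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'democomp_' . bin2hex(random_bytes(4));
$controllersDir = $base . DIRECTORY_SEPARATOR . 'controllers';
mkdir($controllersDir, 0700, true);

// One legitimate controller ...
file_put_contents($controllersDir . DIRECTORY_SEPARATOR . 'items.php',
    "<?php\nclass DemocompupdateControllerItems {\n"
    . "    public function display(): string { return 'items controller'; }\n}\n");
// ... and a file outside the controllers directory that must never be loaded.
file_put_contents($base . DIRECTORY_SEPARATOR . 'outside.php', "<?php\n// not a controller\n");

$allowed = ['items', 'categories'];   // every controller the component ships

// For each request value: would the original code have included a file, and
// which controller does the hardened dispatcher actually run?
foreach (['items', 'Items', '../outside', 'categories'] as $value) {
    $naive = naiveControllerPath($controllersDir, $value);
    printf("%-12s original: %-9s hardened: %s\n",
        var_export($value, true),
        $naive === null ? 'rejected' : 'INCLUDED',
        dispatch($controllersDir, $value, $allowed));
}

// remove the constructed files again
unlink($controllersDir . DIRECTORY_SEPARATOR . 'items.php');
unlink($base . DIRECTORY_SEPARATOR . 'outside.php');
rmdir($controllersDir);
rmdir($base);
```

Run it with `php dispatcher-demo.php`. The `'../outside'` row is the point of the thread: the original check passes because the file exists, while the allowlist never lets the value near a path. The `'categories'` row shows why the `file_exists()` check is still kept alongside the allowlist: a permitted name whose file is missing falls back to the default controller instead of producing a fatal error on `new $classname()`.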
- Joomla! Apprentice
- Posts: 24
- Joined: Mon Dec 31, 2012 12:21 pm
Re: security issue in DemoCompUpdate component
thanks for your nice explanation
carsten888 wrote:
@ashwani1489
yes, that code does not do the same. This component only has 1 controller, so that is the safest way to do that.
For how to deal with more than one controller read the tut here:
http://docs.joomla.org/Developing_a_Mod ... _-_Part_02
o, shoot, I just noticed that is not in the tut.
replace with:
Code:
// Require specific controller if requested
if ( $controller = JRequest::getVar( 'controller' ) )
{
    $path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
    if ( file_exists( $path ) ) { require_once $path; }
    else { $controller = ''; }
}
// Create the controller
$classname = 'DemocompupdateController'.ucfirst($controller);
$controller = new $classname( );
Code:
// Require specific controller if requested
if ( $controller = JRequest::getVar( 'controller' ) )
{
    $path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
    $allowed_controllers = array('items', 'categories');//specify here all allowed controllers
    if ( file_exists( $path ) && in_array($controller, $allowed_controllers)) { require_once $path; }
    else { $controller = ''; }
}
// Create the controller
$classname = 'DemocompupdateController'.ucfirst($controller);
$controller = new $classname( );