The Joomla! Forum ™
 Post subject: Directory Traversal
PostPosted: Thu May 10, 2012 10:29 pm 
Hello everybody,

I have Joomla 1.5.26 installed on my host. I have checked all the security things. Everything looked OK until I scanned my website using Acunetix WVS and it found a Directory Traversal.
I'm not so familiar with PHP and I'm not able to understand the problem well.
Can anyone help me fix this problem? It looks like a high-risk alert.



This vulnerability affects /index.php.

Source file:
/public_html/libraries/joomla/filesystem/file.php line: 246

Additional details:

File:**public_html/1ACUSTARTFILE/../../xxx\..\..\ACUENDFILE
"fopen" was called.
Stack trace:
1. JFile::read([string] "**/public_html/1ACUSTARTFILE/../../xxx\..\..\ACUENDFILE")
2. T3AjaxSite::gzip()
3. plgSystemJAT3::onAfterInitialise()
4. JEvent::update([array] count=0)
5. JDispatcher::trigger([string] "onAfterInitialise", [NULL] )
6. JApplication::triggerEvent([string] "onAfterInitialise")

Attack details:
URL encoded GET input file was set to 1ACUSTARTFILE/../../xxx\..\..\ACUENDFILE


And Acunetix WVS suggests filtering metacharacters from user input...

Thanks in advance ..!


Last edited by strange_j on Fri May 11, 2012 6:52 am, edited 1 time in total.
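The stack trace in the report shows the shape of the problem: a request parameter named `file` is handed down through `T3AjaxSite::gzip()` to `JFile::read()`, which opens whatever path results, so the `../` segments in the probe string walk out of the intended directory. The following is an added illustration, not code from Joomla core or from the JAT3 plugin: it shows that pattern in plain PHP beside a hardened version that canonicalises the requested path before reading it. The parameter name comes from the scanner output; the base directory, extension list and function names are assumptions for the example.

```php
<?php
// Added example (not code from Joomla core or the JAT3 plugin): the pattern the
// scanner report points at, and a hardened replacement. The parameter name
// "file" comes from the report; the directory and function names are assumed.

// Vulnerable pattern: the request parameter is joined to a base directory and
// read without checking where the resulting path actually points.
function readAssetUnsafe($baseDir, $requested)
{
    // "1ACUSTARTFILE/../../xxx\..\..\ACUENDFILE" becomes a path outside $baseDir.
    return file_get_contents($baseDir . '/' . $requested);
}

// Hardened pattern: canonicalise the requested path with string logic only
// (no filesystem calls, so it behaves the same whether or not the file exists),
// refuse anything that climbs above $baseDir, and allow only expected extensions.
function resolveAssetPath($baseDir, $requested, array $allowedExt)
{
    // NUL bytes have no place in a file name and are used to truncate paths.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Treat backslashes as separators as well: a backslash is a literal character
    // on Linux, but the probe mixes both styles and the check must not depend on
    // the host OS.
    $normalised = str_replace('\\', '/', $requested);

    $parts = array();
    foreach (explode('/', $normalised) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;                     // empty (leading or doubled slash) or "."
        }
        if ($segment === '..') {
            if (count($parts) === 0) {
                return null;              // would climb above $baseDir
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    if (count($parts) === 0) {
        return null;                      // nothing left to read
    }

    $ext = strtolower(pathinfo(end($parts), PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;                      // e.g. configuration.php is refused
    }
    return rtrim($baseDir, '/') . '/' . implode('/', $parts);
}

function readAssetSafe($baseDir, $requested)
{
    $path = resolveAssetPath($baseDir, $requested, array('css', 'js'));
    if ($path === null) {
        return false;                     // caller should answer 400/404, not 500
    }
    return file_get_contents($path);
}

// Constructed inputs: the probe string from the report plus two ordinary cases.
$base = '/var/www/html/templates/example_template/css';   // assumed asset directory
$candidates = array(
    '1ACUSTARTFILE/../../xxx\..\..\ACUENDFILE',
    'a/../../configuration.php',
    './sub/./template.css',
);
foreach ($candidates as $candidate) {
    $resolved = resolveAssetPath($base, $candidate, array('css', 'js'));
    echo $candidate, ' => ', ($resolved === null ? 'REJECTED' : $resolved), PHP_EOL;
}
```

Two points worth noting when reading a report like this one. First, the check resolves `..` against the segments the request itself supplied rather than calling `realpath()`, so a non-existent file cannot make the check behave differently from an existing one. Second, a backslash is not a path separator on a Linux host, so the `\..\` segments alone would not traverse there; the `../` segments in the probe already do, and normalising backslashes as well simply removes the dependence on the host OS. This only illustrates the class of fix; whether the plugin actually reaches `fopen` with an attacker-controlled path is what the developer (and the scanner vendor) should confirm, as the reply below advises.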
 Post subject: Re: Directory Traversal
PostPosted: Thu May 10, 2012 11:43 pm 
1. Contact the script developer and confirm the results with them.
2. If it is an extension that's reported, contact the developer and inform the VEL team.
3. If it's an issue with the core, inform the JSST.
4. Contact the script/PCI/scanner developer and ask them to confirm the results.
