File Includer - PHP Injection

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Forum rules
Locked
User avatar
rgv151
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Nov 19, 2007 4:50 pm
Location: Vietnam
Contact:

File Includer - PHP Injection

Post by rgv151 » Mon Nov 19, 2007 4:57 pm

File Includer -Increase Performance, GZIP CSS & JS - http://extensions.joomla.org/component/ ... Itemid,35/

This tool has a PHP Injection vul, please remove it before you've been hacked!

For more info, follow this link:
http://www.domain.com/path_to_script/fi ... t/test.txt

The test.txt contain:
You do not have the required permissions to view the files attached to this post.
Last edited by rgv151 on Mon Nov 19, 2007 5:19 pm, edited 1 time in total.
You are not 555, but I am 666 \m/

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: File Includer - PHP Injection

Post by infograf768 » Mon Nov 19, 2007 6:08 pm

Thanks for the warning.

We took off for the moment from JED this file and also a component by the same developer using that file, com_configeditor
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

joomborg
I've been banned!
Posts: 79
Joined: Wed Jun 20, 2007 7:29 am
Location: ZhongGuo

Re: File Includer - PHP Injection

Post by joomborg » Mon Nov 19, 2007 9:49 pm

com_juser and com_jjgallery have RFI vulnerability as well,
exploits published yesterday and few days ago.

i guess this explains the recent rush of hacked sites...

User avatar
LorenzoG
Joomla! Hero
Joomla! Hero
Posts: 2983
Joined: Fri Aug 19, 2005 8:46 am
Location: Stockholm, Sweden

Re: File Includer - PHP Injection

Post by LorenzoG » Mon Nov 19, 2007 11:03 pm

Thanks Joomborg for your report. It's appreciated!

We have unpublished JUser and Carousel Flash Image Gallery extensions and we have notified the developers.

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 24927
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: File Includer - PHP Injection

Post by pe7er » Mon Nov 19, 2007 11:09 pm

[MOD note: moving to 3rd party/Non Joomla! Security Issues]
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com

User avatar
LorenzoG
Joomla! Hero
Joomla! Hero
Posts: 2983
Joined: Fri Aug 19, 2005 8:46 am
Location: Stockholm, Sweden

Re: File Includer - PHP Injection

Post by LorenzoG » Tue Nov 20, 2007 8:42 pm

The developer of Carousel Flash Image Gallery has now upgraded their component and they have also released a security patch.

User avatar
LorenzoG
Joomla! Hero
Joomla! Hero
Posts: 2983
Joined: Fri Aug 19, 2005 8:46 am
Location: Stockholm, Sweden

Re: File Includer - PHP Injection

Post by LorenzoG » Tue Nov 27, 2007 8:39 am

The developer of Juser says that this vulnerability has been fixed in their latest version of Juser 2.0.1 RC.

User avatar
Umbungo
Joomla! Apprentice
Joomla! Apprentice
Posts: 47
Joined: Fri Apr 11, 2008 8:11 am

Re: File Includer - PHP Injection

Post by Umbungo » Wed Jan 28, 2009 4:43 pm

Hi there
Can anyone here pehaps give me some advice as to this warning message I recieved from jDefender.

My site has been atacked alot recently, and I got this after reinstaling it yesterday:

Code: Select all

---------------------------------------------
 TYPE:     PHP injection
 IP:       38.100.41.105
 USER:     [0] 
 REFERER:  
 GET:      Array
(
    [format] => feed
    [type] => rss
    [path] => <b>/</b>
)

 POST:     Array
(
    [path] => <b>/</b>
)

 COOCKIE:  Array
(
    [8059b43f35c1d36e0e0a1b138ddf6d60] => bqf2pa7itviuilhndabrojij65
    [path] => <b>/</b>
)

---------------------------------------------
My config is:
PHP Version 5.2.6
Linux fhlinux141
Joomla 1.5.9
Extentions:
mod_ninjasifr
mod_yoo_carousel
mod_yoo_login
mod_yoo_search
mod_yoo_toppanel
plg_rokbox-content
plg_rokbox-system

com_jdefender
plg_badbehaviour
plg_jdefender
plgSystemJSecure
RokBridge with PHPBB3

Theme = yoo evolution

The website has been set to offline since the reinstall, the sheer relentlessness of the atacks and the amount of work lost has really upset me now.
The above message may be nothing I'm not sure, I just need a little advice before I move the site back over and set joomla online again.


Locked

Return to “3rd Party/Non Joomla! Security Issues”