The Joomla! Forum ™





Post new topic Reply to topic  [ 8 posts ] 
Author Message
PostPosted: Mon Nov 19, 2007 4:57 pm 
User avatar
Joomla! Fledgling
Joomla! Fledgling

Joined: Mon Nov 19, 2007 4:50 pm
Posts: 2
Location: Vietnam
File Includer -Increase Performance, GZIP CSS & JS - http://extensions.joomla.org/component/ ... Itemid,35/

This tool has a PHP Injection vul, please remove it before you've been hacked!

For more info, follow this link:
http://www.domain.com/path_to_script/fi ... t/test.txt

The test.txt contain:


You do not have the required permissions to view the files attached to this post.

_________________
You are not 555, but I am 666 \m/


Last edited by rgv151 on Mon Nov 19, 2007 5:19 pm, edited 1 time in total.

Top
 Profile  
 
PostPosted: Mon Nov 19, 2007 6:08 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17321
Location: **Translation Matters**
Thanks for the warning.

We took off for the moment from JED this file and also a component by the same developer using that file, com_configeditor

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Top
 Profile  
 
PostPosted: Mon Nov 19, 2007 9:49 pm 
User avatar
I've been banned!

Joined: Wed Jun 20, 2007 7:29 am
Posts: 79
Location: ZhongGuo
com_juser and com_jjgallery have RFI vulnerability as well,
exploits published yesterday and few days ago.

i guess this explains the recent rush of hacked sites...


Top
 Profile  
 
PostPosted: Mon Nov 19, 2007 11:03 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri Aug 19, 2005 8:46 am
Posts: 3011
Location: Stockholm, Sweden
Thanks Joomborg for your report. It's appreciated!

We have unpublished JUser and Carousel Flash Image Gallery extensions and we have notified the developers.

_________________
Industributik - http://www.industributiken.se


Top
 Profile  
 
PostPosted: Mon Nov 19, 2007 11:09 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 8:55 pm
Posts: 20031
Location: Nijmegen, The Netherlands
[MOD note: moving to 3rd party/Non Joomla! Security Issues]

_________________
Kind Regards,
Peter Martin, Global Moderator - Community Leadership Team
http://www.db8.nl - Joomla specialist, Nijmegen, Nederland
Joomla 2.5 multilanguage in 10 steps: http://www.db8.nl/en/joomla-presentatio ... ge-website


Top
 Profile  
 
PostPosted: Tue Nov 20, 2007 8:42 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri Aug 19, 2005 8:46 am
Posts: 3011
Location: Stockholm, Sweden
The developer of Carousel Flash Image Gallery has now upgraded their component and they have also released a security patch.

_________________
Industributik - http://www.industributiken.se


Top
 Profile  
 
PostPosted: Tue Nov 27, 2007 8:39 am 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri Aug 19, 2005 8:46 am
Posts: 3011
Location: Stockholm, Sweden
The developer of Juser says that this vulnerability has been fixed in their latest version of Juser 2.0.1 RC.

_________________
Industributik - http://www.industributiken.se


Top
 Profile  
 
PostPosted: Wed Jan 28, 2009 4:43 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Apr 11, 2008 8:11 am
Posts: 47
Hi there
Can anyone here pehaps give me some advice as to this warning message I recieved from jDefender.

My site has been atacked alot recently, and I got this after reinstaling it yesterday:
Code:
---------------------------------------------
 TYPE:     PHP injection
 IP:       38.100.41.105
 USER:     [0]
 REFERER: 
 GET:      Array
(
    [format] => feed
    [type] => rss
    [path] => <b>/</b>
)

 POST:     Array
(
    [path] => <b>/</b>
)

 COOCKIE:  Array
(
    [8059b43f35c1d36e0e0a1b138ddf6d60] => bqf2pa7itviuilhndabrojij65
    [path] => <b>/</b>
)

---------------------------------------------

My config is:
PHP Version 5.2.6
Linux fhlinux141
Joomla 1.5.9
Extentions:
mod_ninjasifr
mod_yoo_carousel
mod_yoo_login
mod_yoo_search
mod_yoo_toppanel
plg_rokbox-content
plg_rokbox-system

com_jdefender
plg_badbehaviour
plg_jdefender
plgSystemJSecure
RokBridge with PHPBB3

Theme = yoo evolution

The website has been set to offline since the reinstall, the sheer relentlessness of the atacks and the amount of work lost has really upset me now.
The above message may be nothing I'm not sure, I just need a little advice before I move the site back over and set joomla online again.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 



Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group