[FIXED in 1.0.10] SQL Injection vulnerability Joomla! 1.0.9 Stable
- Bettinz
- Joomla! Enthusiast
- Posts: 209
- Joined: Fri Sep 23, 2005 3:31 pm
- Location: Italy
- Contact:
[FIXED in 1.0.10] SQL Injection vulnerability Joomla! 1.0.9 Stable
Sorry for my English, but I'm Italian
I've read about this vulnerability in Mambo, and I ask you if Joomla is protected against that
http://www.securityfocus.com/archive/1/437496
Last edited by stingrey on Wed Jun 28, 2006 3:48 pm, edited 1 time in total.
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: [UNDER REVIEW] Is Joomla secure against that?
We have only just become aware of this report and will investigate to see whether this also affects Joomla!
Initial thoughts are that since it is specifically referenced as affecting only Mambo 4.6 RC and not earlier versions of Mambo, then it is likely only to affect the latest installment of Mambo. That is, the vulnerability is possibly due to a change made in Mambo 4.6.
Note however, this is only speculation at this stage. A definitive answer can only be made with further investigation.
Note that this report has not yet been confirmed by Team Mambo officials as being an actual vulnerability
http://forum.mamboserver.com/showthread.php?t=81652
Last edited by stingrey on Sun Jun 18, 2006 2:31 pm, edited 1 time in total.
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
- Bettinz
- Joomla! Enthusiast
- Posts: 209
- Joined: Fri Sep 23, 2005 3:31 pm
- Location: Italy
- Contact:
Re: [UNDER REVIEW] Is Joomla secure against that?
stingrey wrote: We have only just become aware of this report and will investigate to see whether this also affects Joomla!
Initial thoughts are that since it is specifically referenced as affecting only Mambo 4.6 RC and not earlier versions of Mambo, then it is likely only to affect the latest installment of Mambo. That is, the vulnerability is possibly due to a change made in Mambo 4.6.
Note however, this is only speculation at this stage. A definitive answer can only be made with further investigation.
Note that this report has not yet been confirmed by Team Mambo officials as being an actual vulnerability
http://forum.mamboserver.com/showthread.php?t=81652

thanks
(and compliment for the speedy )
-
- Joomla! Guru
- Posts: 842
- Joined: Sat Sep 10, 2005 10:31 pm
Re: [UNDER REVIEW] Is Joomla secure against that?
stingrey wrote: Note that this report has not yet been confirmed by Team Mambo officials as being an actual vulnerability
http://forum.mamboserver.com/showthread.php?t=81652

I can confirm this for Mambo 4.5.2.3!
We may not be able to control the wind, but we can always adjust our sails
- gustavo
- Joomla! Explorer
- Posts: 427
- Joined: Fri Aug 19, 2005 12:51 pm
- Location: Argentina
- Contact:
Mambo & Joomla | Weblinks SQL Injection Vulnerability
+ http://www.securityfocus.com/bid/18492/info
Have a nice day
Gustavo Raúl Aragón
Code: Select all
echo "Joomla <= 1.0.9 'Weblinks' blind SQL injection / admin credentials\r\n";
echo "disclosure exploit (benchmark() vesion)\r\n";
echo "by rgod [email protected]\r\n";
echo "site: http://retrogod.altervista.org\r\n";
Comunidad Joomla: Maintenance, support, translation and distribution for the Joomla!. Help site online. Member of the Spanish [es_ES] Joomla Translation Team. http://comunidadjoomla.org
- Websmurf
- Joomla! Hero
- Posts: 2230
- Joined: Fri Aug 19, 2005 2:23 pm
- Location: The Netherlands
- Contact:
Re: [UNDER REVIEW] Is Joomla secure against that?
Had a quick look.
I think you're safe when you make the following changes:
open /components/com_weblinks/weblinks.php, find:
Code: Select all
/**
 * Saves the record on an edit form submit
 * @param database A database connector object
 */
function saveWeblink( $option ) {
    global $mosConfig_mailfrom, $mosConfig_fromname;
    global $database, $my;

    if ($my->gid < 1) {
        mosNotAuth();
        return;
    }
replace it with:
Code: Select all
/**
 * Saves the record on an edit form submit
 * @param database A database connector object
 */
function saveWeblink( $option ) {
    global $mosConfig_mailfrom, $mosConfig_fromname;
    global $database, $my;

    if ($my->gid < 1) {
        mosNotAuth();
        return;
    }

    // security check to see if link exists in a menu
    $link = 'index.php?option=com_weblinks&task=new';
    $query = "SELECT id"
    . "\n FROM #__menu"
    . "\n WHERE link LIKE '%$link%'"
    . "\n AND published = 1"
    ;
    $database->setQuery( $query );
    $exists = $database->loadResult();
    if ( !$exists ) {
        mosNotAuth();
        return;
    }
Then make sure no link exists in your menu to 'index.php?option=com_weblinks&task=new'.
Of course this will not allow users to submit weblinks, but this will do for a lot of websites.
Adam van Dongen - Developer
- Blocklist, ODT Indexer, EasyFAQ, Easy Guestbook, Easy Gallery, YaNC & Redirect -
http://www.joomla-addons.org - http://www.bandhosting.nl
- Websmurf
- Joomla! Hero
- Posts: 2230
- Joined: Fri Aug 19, 2005 2:23 pm
- Location: The Netherlands
- Contact:
Re: [UNDER REVIEW] Is Joomla secure against that?
If you do want to allow users to submit links, you can make the following modification:
Find (in the same file as above):
Code: Select all
// until full edit capabilities are given for weblinks - limit saving to new weblinks only
$row->id = 0;
Replace with:
Code: Select all
// until full edit capabilities are given for weblinks - limit saving to new weblinks only
$row->id = 0;

if (stristr($row->title, 'SELECT') && stristr($row->title, 'FROM') && stristr($row->title, 'WHERE')) {
    echo "<script> alert('Illegal characters in title'); window.history.go(-1); </script>\n";
    exit();
}
This will pop up an alert if the words 'SELECT', 'FROM' and 'WHERE' are used in the weblink title (which the exploit does).
Note:
I don't know if Joomla is vulnerable to the exploit, the code posted above should protect you from the exploit if it should work.
Last edited by Websmurf on Mon Jun 19, 2006 9:51 am, edited 1 time in total.
Adam van Dongen - Developer
- Blocklist, ODT Indexer, EasyFAQ, Easy Guestbook, Easy Gallery, YaNC & Redirect -
http://www.joomla-addons.org - http://www.bandhosting.nl
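Added example (not part of the original thread, and not the fix shipped in Joomla! 1.0.10): the keyword check suggested in the post above, compared with passing the title as a bound parameter. It assumes a constructed `weblinks` table in an in-memory SQLite database reached through PDO; the function names and sample titles are hypothetical.

```php
<?php
// Added illustration: table, function names and sample titles are constructed.
// Requires the pdo_sqlite extension.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE weblinks (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

/** Keyword check as suggested in the thread: reject only if all three words appear. */
function keywordCheck(string $title): bool
{
    $hit = stristr($title, 'SELECT') !== false
        && stristr($title, 'FROM') !== false
        && stristr($title, 'WHERE') !== false;
    return !$hit; // true means the title is accepted
}

/** Weak pattern: the title is pasted into the SQL text. */
function saveConcatenated(PDO $pdo, string $title): string
{
    try {
        $pdo->exec("INSERT INTO weblinks (title) VALUES ('$title')");
        return 'stored';
    } catch (PDOException $e) {
        // The input changed the grammar of the statement.
        return 'SQL error';
    }
}

/** Hardened pattern: the title travels as a bound value, never as SQL text. */
function saveBound(PDO $pdo, string $title): string
{
    $stmt = $pdo->prepare('INSERT INTO weblinks (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    return 'stored';
}

// Constructed sample titles, all of them legitimate user input.
$titles = [
    'Joomla! extensions directory',     // ordinary title
    'Where to select templates from',   // contains all three keywords
    "Anna's favourite links",           // contains a quote character
];

foreach ($titles as $title) {
    printf(
        "%-32s keyword check: %-7s concatenated: %-10s bound: %s\n",
        $title,
        keywordCheck($title) ? 'accept' : 'reject',
        saveConcatenated($pdo, $title),
        saveBound($pdo, $title)
    );
}

// Confirm the quoted title was stored byte for byte by the bound insert.
$check = $pdo->prepare('SELECT COUNT(*) FROM weblinks WHERE title = ?');
$check->execute([$titles[2]]);
echo 'rows holding the quoted title intact: ' . $check->fetchColumn() . "\n";
```

The keyword check rejects a harmless title that happens to contain all three words, while a title with an apostrophe passes the check, breaks the concatenated statement, and is stored unchanged only by the bound insert.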
-
- Joomla! Fledgling
- Posts: 1
- Joined: Mon Jun 19, 2006 12:25 pm
Joomla! "Name" SQL Injection Vulnerability
FYI:
http://secunia.com/advisories/20746/
Exploit:
http://milw0rm.com/exploits/1922
Please let us know how to best patch this in our existing releases? Thanks!
-
- Joomla! Apprentice
- Posts: 17
- Joined: Wed Oct 19, 2005 2:06 pm
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: [UNDER REVIEW] Is Joomla secure against that?
A fix for the Mambo vulnerability has been posted on Mambo Guru http://forum.mamboguru.com/showthread.php?t=264
This patch is for 4.6 RC1 and another for 4.5.3h/4.5.4 is coming. It is possible that the vulnerability affects older versions of Mambo as well.
When the 4.5.3h/4.5.4 patch is posted on the forum it may be useful for Joomla devs to look at (we are not going to be presumptuous so won't be posting a fix for 1.0.9 )
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
This security threat is confirmed in the Joomla! codebase and affects all previous versions of Joomla! including 1.0.9
It is being listed as a [HIGH LEVEL] threat as it can lead to the possibility of confidential user password access information being gained.
Note that this vulnerability is only exploitable by sites that have registered or above frontend access to a site. If you have a site that does not have frontend access, you should be safe from this vulnerability.
An official fix is pending and will be released shortly. However, we are currently examining the core to ensure no other similar vulnerability exists elsewhere in the system.
Last edited by stingrey on Mon Jun 19, 2006 3:49 pm, edited 1 time in total.
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
If you have frontend access but NOT the ability to submit weblinks are you vulnerable?
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: [UNDER REVIEW] Is Joomla secure against that?
Elpie wrote: A fix for the Mambo vulnerability has been posted on Mambo Guru http://forum.mamboguru.com/showthread.php?t=264
This patch is for 4.6 RC1 and another for 4.5.3h/4.5.4 is coming. It is possible that the vulnerability affects older versions of Mambo as well.
When the 4.5.3h/4.5.4 patch is posted on the forum it may be useful for Joomla devs to look at (we are not going to be presumptuous so won't be posting a fix for 1.0.9 )

I'm sure Mambo users appreciate this fix being made available.
However, it should be noted that you cannot access the attachment (or any attachment) on the mamboguru forums unless you are registered on the forums - this may limit the access to the fix.
It may be something you might wish to blog about on the guru site to increase its visibility - but I understand this may be seen as trouble making
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
brian wrote: If you have frontend access but NOT the ability to submit weblinks are you vulnerable?

Unfortunately yes you are still vulnerable.
However, if you implement websmurf's suggestion here:
http://forum.joomla.org/index.php/topic ... #msg366017
This will stop this hole in this instance, where you do not allow weblinks submission.
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: [UNDER REVIEW] Is Joomla secure against that?
stingrey wrote: However, it should be noted that you cannot access the attachment (or any attachment) on the mamboguru forums unless you are registered on the forums - this may limit the access to the fix.

Sadly, this is the way it has to be. There have been abuses of copyright and until certain parties stop stripping copyright out of code, we are not comfortable with just putting the patches into our file download area. Any Mambo users who don't want to register on the forum (and there are many who don't want to be seen to be there, which is why we allow people to login as hidden users) can email me and I will send you the patches.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: [UNDER REVIEW] Is Joomla secure against that?
Elpie wrote: Sadly, this is the way it has to be. There have been abuses of copyright and until certain parties stop stripping copyright out of code, we are not comfortable with just putting the patches into our file download area.

This is unfortunate, anyway I'm sure there are users who appreciate the effort.
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
-
- Joomla! Apprentice
- Posts: 33
- Joined: Sat Oct 22, 2005 7:12 pm
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
Securityfocus is listing another security issue related to "IncludePath Remote File Include Vulnerability" here: http://www.securityfocus.com/bid/18363/. Not sure if this has been addressed yet or not.
Mike
-
- Joomla! Guru
- Posts: 842
- Joined: Sat Sep 10, 2005 10:31 pm
Re: [CONFIRMED] Is Joomla secure against that?
MikeFossati wrote: Securityfocus is listing another security issue related to "IncludePath Remote File Include Vulnerability" here: http://www.securityfocus.com/bid/18363/. Not sure if this has been addressed yet or not.

Unfortunately, securityfocus.com doesn't provide much information. If that listing is based on http://www.securityfocus.com/archive/1/436707 (they link it as a reference), then that's not going to work. I would say that's a hoax.
We may not be able to control the wind, but we can always adjust our sails
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
friesengeist wrote:
MikeFossati wrote: Securityfocus is listing another security issue related to "IncludePath Remote File Include Vulnerability" here: http://www.securityfocus.com/bid/18363/. Not sure if this has been addressed yet or not.
Unfortunately, securityfocus.com doesn't provide much information. If that listing is based on http://www.securityfocus.com/archive/1/436707 (they link it as a reference), then that's not going to work. I would say that's a hoax.

Yes we are aware of this report and as pointed out by [friesengeist] there is so little information it is simply not possible to test the veracity/accuracy of the report.
We have even tried to contact the original reporter via the email listed.
However, at this stage we have to list this report as being UNCONFIRMED and possibly false.
Of course if more information can be provided we will examine the issue again.
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
- gustavo
- Joomla! Explorer
- Posts: 427
- Joined: Fri Aug 19, 2005 12:51 pm
- Location: Argentina
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
¿Hoax?
Tested in localhost : Joomla 1.0.9
Code: Select all
'
removed for security reasons
--------------------------------------------------------------------
Link: http://johnny.ihackstuff.com/index.php? ... 6770#16770
Post subject: joomla blind sql injection
Posted: Jun 17, 2006 - 01:39 PM
Google's Worst Nightmare
rgod
Joined: Apr 06, 2005
Posts: 2533
Location: Italy
Status: Offline
dork:
http://www.google.com/search?q=%22jooml ... =&filter=0
maybe someone could catch more results, dunno
modified the mambo exploit to work against joomla:
http://retrogod.altervista.org/joomla_109_sql.html
Have a nice day
Gustavo Raúl Aragón
Last edited by gustavo on Mon Jun 19, 2006 5:43 pm, edited 1 time in total.
Comunidad Joomla: Maintenance, support, translation and distribution for the Joomla!. Help site online. Member of the Spanish [es_ES] Joomla Translation Team. http://comunidadjoomla.org
-
- Joomla! Guru
- Posts: 842
- Joined: Sat Sep 10, 2005 10:31 pm
Re: [CONFIRMED] Is Joomla secure against that?
gustavo wrote: ¿Hoax?
Tested in localhost : Joomla 1.0.9
Code: Select all
removed for security --------------------------------------------------------------------

Have you read that I was referring to

MikeFossati wrote: Securityfocus is listing another security issue related to "IncludePath Remote File Include Vulnerability" here: http://www.securityfocus.com/bid/18363/. Not sure if this has been addressed yet or not.

this post?
I know that the [mod note: removed] stuff does work, I also confirmed yesterday that Joomla is vulnerable. However, I didn't want to make the details public, so I sent them to the core devs per mail.
Last edited by nathandiehl on Mon Jun 19, 2006 5:32 pm, edited 1 time in total.
We may not be able to control the wind, but we can always adjust our sails
- gustavo
- Joomla! Explorer
- Posts: 427
- Joined: Fri Aug 19, 2005 12:51 pm
- Location: Argentina
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
ok.. thanks friesengeist
Have a nice day
Gustavo Raúl Aragón
Comunidad Joomla: Maintenance, support, translation and distribution for the Joomla!. Help site online. Member of the Spanish [es_ES] Joomla Translation Team. http://comunidadjoomla.org
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
gustavo wrote: ¿Hoax?
Tested in localhost : Joomla 1.0.9

As I stated here:
http://forum.joomla.org/index.php/topic ... #msg366480
the original security report:
Joomla! "Name" SQL Injection Vulnerability
http://secunia.com/advisories/20746
has been CONFIRMED
However this issue:
Joomla IncludePath Remote File Include Vulnerability
http://www.securityfocus.com/bid/18363/
is UNCONFIRMED
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
-
- Joomla! Fledgling
- Posts: 1
- Joined: Tue Jun 20, 2006 10:12 am
Re: [CONFIRMED] Is Joomla secure against that?
I got several other solutions for the exploit:
check http://macosbrain.ath.cx/wordpress/2006 ... n-exploit/
PS: the site is in German but I think you should understand it.
- Bettinz
- Joomla! Enthusiast
- Posts: 209
- Joined: Fri Sep 23, 2005 3:31 pm
- Location: Italy
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
I'm happy to see the utility of my thread
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
Rey, any idea about ETA for the patch? thanks
Other question: can this still be accessed if there's no published link to com_weblinks? by using the option in the url?
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
- gustavo
- Joomla! Explorer
- Posts: 427
- Joined: Fri Aug 19, 2005 12:51 pm
- Location: Argentina
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
Official solution for SQL injection .. 1.0.10 ? for when?
Svn 1.0.x
** HIGH Level Threats fixed in 1.0.10
A1 Unvalidated Input
* A1 - Secured `Remember Me` functionality against SQL injection attacks
* A1 - Secured `Related Items` Module against SQL injection attacks
* A1 - Secured `Weblinks` submission against SQL injection attacks
** LOW Level Threats fixed in 1.0.10
A1 Unvalidated Input
* A1 - Hardened Frontend submission forms against spoofing
Have a nice day
Gustavo Raúl Aragón
Last edited by gustavo on Tue Jun 20, 2006 6:10 pm, edited 1 time in total.
Comunidad Joomla: Maintenance, support, translation and distribution for the Joomla!. Help site online. Member of the Spanish [es_ES] Joomla Translation Team. http://comunidadjoomla.org
- stingrey
- Joomla! Hero
- Posts: 2756
- Joined: Mon Aug 15, 2005 4:36 pm
- Location: Marikina, Metro Manila, Philippines
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
gustavo wrote: Official solution for SQL injection .. 1.0.10 ? for when?

We are working as quickly as possible to complete and release 1.0.10 as soon as possible - at last check my watch said 2am.
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me
Partner, Business Development & Project Manager, Event Manager, Sports Coach
- gustavo
- Joomla! Explorer
- Posts: 427
- Joined: Fri Aug 19, 2005 12:51 pm
- Location: Argentina
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
Very thanks ray for fast reply!
Have a nice day
Gustavo Raúl Aragón
Comunidad Joomla: Maintenance, support, translation and distribution for the Joomla!. Help site online. Member of the Spanish [es_ES] Joomla Translation Team. http://comunidadjoomla.org
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: [CONFIRMED] Is Joomla secure against that?
Rey, go to bed! Tomorrow's as good as today!
Anyone knows / tried if this threat is workable by just appending stuff to index.php?option=...
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com