[FIX AVAIL.] Very Important mosMedia Security risks

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Forum rules
Locked
User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1402
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

[FIX AVAIL.] Very Important mosMedia Security risks

Post by PhilTaylor-Prazgod » Thu Jul 20, 2006 9:55 am

It has come to our attention that the mosMedia Component can, under certain circumstances, allow a hacker to gain access to your website.

This email is being sent to all mosMedia Customers who purchased through http://www.phil-taylor.com and relates to several possible security holes in mosMedia component. As you may be aware, certain hackers are attempting to hack many Joomla websites through custom components.

We have attempted to contact the original author of the component yesterday but we have to now received no contact back from him. Phil-Taylor.com only sell this component from their site on behalf of the original developer, we are not responsible for thedevelopment, quality of the code or the support of the product.

We suspended sales of mosMedia while we tried to contact the author - we have still had no luck contacting him

As an added valuable service to those mosMedia customers who purchased through our website (http://www.phil-taylor.com) we are happy to release a non-official mosMedia 1.0.8 security patch to mosMedia 1.0.8 that resolves the know security issues. The patch download has been made public so other mosMedia customers who have purchased from the original author can also benefit.

If you have mosMedia 1.0.8 installed you should download our mosMedia 1.0.8 security patch and FTP the files into place, the mosMedia 1.0.8 security patch file contains nested directories so you can work out where the files need to go. There is no version number change as we are not the developers of mosMedia we cannot change the version number - but mosMedia 1.0.8 security patch should prevent you getting hacked through mosMedia files.

Please read about other components that may be hackable at our website’s Blog/Latest News http://blog.phil-taylor.com/

If you wish to attempt to contact the original author please try his website at: http://www.ag-solutions.net/

Phil Taylor - Looking out for you and your site!
Last edited by RobS on Sun Jul 23, 2006 8:07 pm, edited 1 time in total.
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/

User avatar
Chinaman
Joomla! Guru
Joomla! Guru
Posts: 575
Joined: Sun Aug 21, 2005 8:46 am
Location: Perth, Western Australia
Contact:

Re: [Fix Avail] Very Important mosMedia Security risks

Post by Chinaman » Fri Jul 21, 2006 4:10 am

Once again, thanks Phil for the time and effort you put in, to assist the OS community.
Joomla! - enjoying every minute of the journey!

steve0
I've been banned!
Posts: 102
Joined: Thu Oct 06, 2005 12:59 pm

Re: [Fix Avail] Very Important mosMedia Security risks

Post by steve0 » Sun Jul 23, 2006 4:44 pm

hmmm, slight problem, i still have mosmedia release 1.05 and havent managed to contact brian for the latest updates, it seems my username or password has been changed (or account deleted) since i last visited about 5-6 -odd months ago.
have had absolutely no reply in any form from him despite many many mails.

this security patch you speak of, can i use this for the 1.05 release?

if not im talking to paypal to try to get my dosh back, its a shame because its quite a neat little component. Cant anyone else just take the code and continue it? its obvious that brian isnt interested any more, either that or he`s either in hospital or jail that is..


steve0
http://www.media-hunter.com - a complete waste of time

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1402
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: [FIX AVAIL.] Very Important mosMedia Security risks

Post by PhilTaylor-Prazgod » Mon Jul 24, 2006 8:30 am

The patch I created is for mosmedia 1.0.8 but should work on older versions, possibly, but never tried.  It overwrites whole files so may infact be more of a pain.
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/

User avatar
gewre
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Sat Feb 11, 2006 8:13 am
Contact:

Re: [FIX AVAIL.] Very Important mosMedia Security risks

Post by gewre » Mon Jul 24, 2006 8:40 am

Thanks again Phil

steve0
I've been banned!
Posts: 102
Joined: Thu Oct 06, 2005 12:59 pm

Re: [Fix Avail] Very Important mosMedia Security risks

Post by steve0 » Tue Aug 08, 2006 10:00 am

steve0 wrote: hmmm, slight problem, i still have mosmedia release 1.05 and havent managed to contact brian for the latest updates, it seems my username or password has been changed (or account deleted) since i last visited about 5-6 -odd months ago.
have had absolutely no reply in any form from him despite many many mails.

this security patch you speak of, can i use this for the 1.05 release?

if not im talking to paypal to try to get my dosh back, its a shame because its quite a neat little component. Cant anyone else just take the code and continue it? its obvious that brian isnt interested any more, either that or he`s either in hospital or jail that is..


steve0
just tried the patch, it doesnt work if you have the 1.05 release, no video is shown.

CAN SOMEONE PLEASE SEND ME AN UPDATED VERSION - PATCH TO GET ME TO 1.08
I have 400+ media on my site and i need this security patch asap.

thanx

steve0
http://www.media-hunter.com - a complete waste of time

nam207
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Jan 14, 2007 5:05 pm

Re: [FIX AVAIL.] Very Important mosMedia Security risks

Post by nam207 » Sun Jan 21, 2007 12:11 pm

I have a very quick question, I've heard that mosmedia overwrite some core files, so by clicking uninstall in Joomla admin interface, do I completely remove MosMedia? Is there anything that I have to do manually to remove it?

Thank you,

User avatar
Last BoyScout
Joomla! Intern
Joomla! Intern
Posts: 51
Joined: Thu Aug 18, 2005 10:19 pm
Location: Netherlands
Contact:

Re: [FIX AVAIL.] Very Important mosMedia Security risks

Post by Last BoyScout » Tue Sep 18, 2007 11:36 pm

It seems that Mosmedia is totaly abandoned. The site http://www.ag-solutions.net is down for a few months now.

karryberry
I've been banned!
Posts: 21
Joined: Wed Dec 19, 2007 10:36 pm

Re: [FIX AVAIL.] Very Important mosMedia Security risks

Post by karryberry » Thu Dec 20, 2007 8:07 am

i have since stopped using mosmedia as i noticed this vulenerability and removed it, i am working on a replacement now.
smile


Locked

Return to “3rd Party/Non Joomla! Security Issues”