The Joomla! Forum ™
 Post subject: Backdoor in joomlaFCK
PostPosted: Mon Aug 28, 2006 2:26 pm 
Joomla! Fledgling
Offline

Joined: Mon Mar 20, 2006 4:52 pm
Posts: 1
Any user can upload files to your site.

joomlaFCK <= 1.1.5
http://www.site.com/mambots/editors/fck ... nector.php

joomlaFCK 1.2.0
http://www.site.com/mambots/editors/fck ... nector.php

joomlaFCK disallows uploading .php files, but it allows uploading .htaccess (with Type=File or Type=files). So an AddType directive in .htaccess allows running any file as PHP.

My solution:
File:
mambots/editors/fckeditor/editor/filemanager/browser/default/connectors/php/config.php

After line 27 add:
Code:
// Added by Pavel V. Zotov 20060720
// Assumes configuration.php has already been loaded by this config.php,
// so that the $mosConfig_* variables used below are defined.
// _VALID_MOS lets the Joomla! core files below pass their direct-access check.
define( '_VALID_MOS', 1 );

// Backend group ids allowed to use the file manager
// (Joomla! 1.0 defaults: 23 = Manager, 24 = Administrator, 25 = Super Administrator)
$allowed_backend_groups = array(23,24,25);

// Core includes: globals.php and joomla.php bring in the mosMainFrame class
// and the $database connection used by the session check
require_once( $mosConfig_absolute_path."/globals.php" );
require_once( $mosConfig_absolute_path."/includes/joomla.php" );

// Use the same session name as the Joomla! backend so an existing admin login is found
session_name( md5( $mosConfig_live_site ) );
session_start();

// Validate the backend session and get the current user; $my->gid is the user's group id
$mainframe = new mosMainFrame( $database, '', $mosConfig_absolute_path, 1 );
$my = $mainframe->initSessionAdmin( null, null );

// Stop the connector for anyone who is not logged in to the backend as one of the allowed groups
if( !in_array( $my->gid, $allowed_backend_groups ) ) die( 'Restricted access' );
// end of addition by Pavel V. Zotov


So, only a SuperAdministrator, Administrator or Manager (logged in to the backend) can use the file manager in joomlaFCK.

Also you should disallow .htaccess.


Last edited by pzotov on Mon Aug 28, 2006 2:33 pm, edited 1 time in total.

PostPosted: Mon Sep 04, 2006 8:31 am 
Joomla! Intern
Offline

Joined: Thu Aug 18, 2005 1:33 pm
Posts: 90
Location: Sebastopol
pzotov wrote:
joomlaFCK disallows uploading .php files, but it allows uploading .htaccess (with Type=File or Type=files). So an AddType directive in .htaccess allows running any file as PHP.
I wrote a mail to Frederico Caldeira Knabben (FCKeditor author) and got an answer about this problem:

«Thanks for the advice. I'll add the htaccess to the list of denied extensions. Actually the real solution would be to set the list of allowed extensions instead, but I would have a lot of complaints regarding missing extensions there.»

_________________
Joomlaportal.ru News, articles and tutorials
Joomlaforum.ru Russian Joomla Support Forum
Member of the Russian Joomla Translation Team
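As an added example, not code from this thread, from joomlaFCK or from FCKeditor, here are the two upload filters the thread contrasts, side by side in PHP: the extension deny list, which lets a .htaccess upload through exactly as pzotov reports, and the allow-list check that the FCKeditor author calls the real solution. The function names, the allowed-extension list and the sample file names are assumptions made for this example.

```php
<?php
// Added example (not joomlaFCK or FCKeditor code): deny list vs allow list
// for upload file names, including the .htaccess case from this thread.

// The weak approach: a deny list of extensions. Anything the list forgets
// gets through. A dotfile such as .htaccess is the classic miss, because
// PHP reports "htaccess" as its extension and that is not on the list.
function denyListAllows($filename)
{
    $denied = array('php', 'php3', 'php4', 'phtml');          // constructed list
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $denied, true);
}

// The allow-list approach: accept only a base name plus exactly one
// extension from a short list of harmless types; reject everything else.
function allowListAllows($filename, array $allowed)
{
    // Only the last path component matters; strip any directory part.
    $name = basename(str_replace('\\', '/', $filename));

    // Reject empty names and dotfiles (.htaccess, .user.ini, ...): a server
    // configuration file in the upload directory changes how the server
    // treats every other file stored there.
    if ($name === '' || $name[0] === '.') {
        return false;
    }

    // Require exactly one dot: this refuses names with no extension and
    // "file.php.jpg"-style names that some server setups map to a handler
    // by an inner extension.
    $parts = explode('.', $name);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return false;
    }

    // Compare case-insensitively so "IMAGE.JPG" and "image.jpg" are treated alike.
    return in_array(strtolower($parts[1]), array_map('strtolower', $allowed), true);
}

// Self-check when run from the command line: php upload_filter_example.php
if (PHP_SAPI === 'cli') {
    $allowed  = array('jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'); // constructed list
    $failures = 0;

    // Each case: file name, expected deny-list verdict, expected allow-list verdict.
    $cases = array(
        array('.htaccess',      true,  false), // the upload from the thread
        array('.user.ini',      true,  false),
        array('photo.jpg',      true,  true),
        array('PHOTO.JPG',      true,  true),
        array('notes.txt',      true,  true),
        array('script.php',     false, false),
        array('script.PHP',     false, false),
        array('script.php.jpg', true,  false), // deny list only sees "jpg"
        array('noextension',    true,  false),
        array('../photo.jpg',   true,  true),  // directory part is stripped
    );

    foreach ($cases as $case) {
        list($name, $expectDeny, $expectAllow) = $case;
        if (denyListAllows($name) !== $expectDeny) {
            echo "deny list gave unexpected result for $name\n";
            $failures++;
        }
        if (allowListAllows($name, $allowed) !== $expectAllow) {
            echo "allow list gave unexpected result for $name\n";
            $failures++;
        }
    }

    echo $failures === 0 ? "all checks passed\n" : "$failures check(s) failed\n";
    exit($failures === 0 ? 0 : 1);
}
```

The self-check makes the point of the thread visible: the deny list returns true for `.htaccess` and for `script.php.jpg`, while the allow list refuses both. This check only filters the file name; it applies to every resource type the connector accepts (the Type=File and Type=files cases mentioned above alike), and disabling .htaccess overrides in the upload directory, as pzotov recommends, remains a separate server-side measure.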

