stylesheet hack

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
Brenda
Joomla! Apprentice
Joomla! Apprentice
Posts: 48
Joined: Thu Mar 02, 2006 4:12 am

stylesheet hack

Post by Brenda » Fri Feb 08, 2008 3:16 am

Test site with 1.5 stable - css folder left open like an idiot because I was testing templates from the contest & some were making the ini files unwriteable after first save.

One of the nicer one's that were in inserted at the bottom of .css files

BODY:before {
content: "This site has moved to somesite .com ******************************** please remember to change your bookmarks";
display: block;
margin: 70px auto;
font-size: 40px;
line-height: 50px;
background: #fff;
width: 500px;
padding: 2em;
overflow: hidden;
}

div, table, form {
display: none;
}


Didn't even know that any page content could be changed by stylesheets - I thought is was only for display not for adding words.
Live & learn

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1205
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: stylesheet hack

Post by PhilTaylor-Prazgod » Fri Feb 08, 2008 3:20 am

IIRC This will only work for Firefox/Other browsers and NOT Internet Explorer

But then I could be wrong :-)
Phil Taylor
Founder, Lead Developer
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/ - My Twitter Streams

Brenda
Joomla! Apprentice
Joomla! Apprentice
Posts: 48
Joined: Thu Mar 02, 2006 4:12 am

Re: stylesheet hack

Post by Brenda » Fri Feb 08, 2008 3:41 am

Yep seems IE got it right for once

You just get a totally empty page instead LOL

I did a few searches when this happened & it seems that tokens can also be stolen by stylesheets - I don't understand that part - that's your department :)

Anyway the site is deleted & I learnt something

I really only mentioned it because it would be the last place, most people, would think to look for hacks IMHO

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 18881
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: stylesheet hack

Post by infograf768 » Fri Feb 08, 2008 4:26 pm

Weird and good to know indeed.
Jean-Marie Simonet / infograf · http://www.info-graf.fr
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group


Locked

Return to “Security in Joomla! 1.5”