How To Check Data Base For SQL Injections

Discussion regarding Joomla! 2.5 security issues.

ReelTackle
Joomla! Apprentice
Posts: 8
Joined: Mon Sep 15, 2014 2:33 am

How To Check Data Base For SQL Injections

Post by ReelTackle » Wed Oct 29, 2014 1:25 pm

Hi Guys
I think my site may have been compromised and I am trying to find out how we can check if anything has been injected into the database.
I had an email sent out to about 168 members which is just a small amount of my membership base.
We do not know how they did this and we are still looking but to date we cannot see anything suspicious.
How can we check the DB to see if there is anything added?

Below is my FPA
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.4) : 29th October 2014 wrote:[29-Oct-2014 21:01:49 Australia/Brisbane] PHP Warning: str_split() [<a href='function.str-split'>function.str-split</a>]: The length of each segment must be greater than zero in /home/reeltack/public_html/jamss.php on line 273
Forum Post Assistant (v1.2.4) : 29th October 2014 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.27-Stable (Ember) 30-September-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: reeltack (uid: 1/gid: 1) | Group: reeltack (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-308.8.2.el5 | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate | Doc Root: /home/reeltack/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.29 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: error_log | Last Known Error: 29th October 2014 21:01:49. | Register Globals: 0 | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 256M | Max. POST Size: 256M | Max. Input Time: 60000 | Max. Execution Time: 30000 | Memory Limit: 512M

MySQL Configuration :: Version: 5.5.37-cll (Client:5.5.37) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 548.28 MiB | #of Tables:  205
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.29) | date (5.3.29) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.29) | apc (3.1.13) | posix () | pspell () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | pdo_mysql (1.0.2) | Phar (2.0.1) | suhosin (0.9.33) | SourceGuardian (10.1) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: com_mailto (2.5.0) | com_wrapper (2.5.0) |
Components :: ADMIN :: com_redirect (2.5.0) | com_categories (2.5.0) | com_users (2.5.0) | com_languages (2.5.0) | com_cache (2.5.0) | com_content (2.5.0) | com_messages (2.5.0) | com_installer (2.5.0) | com_plugins (2.5.0) | ixxocart (4.13.3.2) | com_menus (2.5.0) | com_weblinks (2.5.0) | com_checkin (2.5.0) | com_search (2.5.0) | com_joomlaupdate (2.5.0) | com_modules (2.5.0) | com_templates (2.5.0) | com_config (2.5.0) | com_media (2.5.0) | com_finder (2.5.0) | com_cpanel (2.5.0) | com_admin (2.5.0) | Admintools (3.3.1) | com_login (2.5.0) | Akeeba (4.0.5) | com_banners (2.5.0) | com_newsfeeds (2.5.0) |

Modules :: SITE :: Simple Tree Categories (1.4.2) | Cart Summary (2.1.0) | mod_footer (2.5.0) | Home Page Products (1.3.3) | Checkout (1.5.3) | mod_articles_archive (2.5.0) | Categories (1.9.3) | mod_custom (2.5.0) | Product Bestsellers (2.0.2) | mod_login (2.5.0) | mod_users_latest (2.5.0) | New Products (1.0.2) | mod_articles_categories (2.5.0) | Product Vendors (1.8.4) | Featured Vendor (1.7.4) | mod_feed (2.5.0) | mod_whosonline (2.5.0) | mod_breadcrumbs (2.5.0) | Top Pages (2.2.0) | mod_banners (2.5.0) | Categories(Vendorwise) (1.8.4) | Specials (1.0.3) | Recently Viewed Items (1.0.2) | Languages (1.1.4) | Product Types (1.6.3) | mod_weblinks (2.5.0) | IXXO Donate (1.8.4) | More Buying choices (1.0.0) | Vendor Search (1.7.3) | mod_syndicate (2.5.0) | Product View (1.3.4) | MyIXXOProfile (1.8.3) | mod_menu (2.5.0) | Wishcenter (1.0.3) | MOD_FACEBOOKLIKE (1.4.9.1) | mod_related_items (2.5.0) | Vendor Information (1.9.1) | Current Price (1.6.3) | Subscribe (1.5.3) | S5 Image Slide v2 (2.0.0) | MyIXXOCart (2.1.0) | mod_random_image (2.5.0) | mod_search (2.5.0) | mod_articles_latest (2.5.0) | mod_articles_popular (2.5.0) | mod_wrapper (2.5.0) | Product Query (1.0.4) | mod_languages (2.5.0) | Vendor Pages (1.0.2) | Product Search (1.7.3) | Product Manufacturers (1.7.4) | mod_stats (2.5.0) | SCLogin (4.2.1) | SFX Categories (1.4.3) | mod_articles_category (2.5.0) | Additional Pages (1.9.3) | mod_finder (2.5.0) | mod_articles_news (2.5.0) |
Modules :: ADMIN :: mod_version (2.5.0) | MOD_AKADMIN_TITLE (3.10.1) | mod_custom (2.5.0) | mod_login (2.5.0) | mod_multilangstatus (2.5.0) | mod_latest (2.5.0) | mod_feed (2.5.0) | mod_logged (2.5.0) | mod_submenu (2.5.0) | mod_title (2.5.0) | mod_menu (2.5.0) | mod_quickicon (2.5.0) | mod_popular (2.5.0) | mod_toolbar (2.5.0) | mod_status (2.5.0) |

Plugins :: SITE :: plg_authentication_gmail (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_joomla (2.5.0) | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) | plg_system_log (2.5.0) | plg_system_languagefilter (2.5.0) | System - Admin Tools Update Em (1.0) | plg_system_languagecode (2.5.0) | System - One Click Action (2.1) | plg_system_cache (2.5.0) | plg_system_p3p (2.5.0) | plg_system_highlight (2.5.0) | plg_system_logout (2.5.0) | PLG_SYSTEM_AKGEOIP (1.0.2) | PLG_SRP_TITLE (4.0.5) | plg_system_debug (2.5.0) | plg_system_remember (2.5.0) | System - Admin Tools (3.3.1) | plg_system_redirect (2.5.0) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | plg_system_sef (2.5.0) | manage.myJoomla.com Secure Plu (n/a) | plg_vombiefacebooklike (1.4.9) | System - Admin Tools Joomla! U (1.0) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.4.1) | plg_jegroupbuypayment_jegroupb (1.0.0 Stable) | plg_extension_joomla (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_profile (2.5.0) | plg_user_joomla (2.5.0) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_installer_akeebabackup (1.0) | plg_installer_admintools (1.0) | plg_search_weblinks (2.5.0) | Search - IXXO Cart (1.1) | plg_search_contacts (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_categories (2.5.0) | plg_search_content (2.5.0) | plg_quickicon_akeebabackup (1.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_content (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_loadmodule (2.5.0) | IXXO Item Price Plugin (1.0.1) | plg_content_geshi (2.5.0) | IXXO Add to Cart Button Plugin (1.8.1) | plg_content_pagebreak (2.5.0) | IXXO Item Plugin (1.0.2) | plg_content_vote (2.5.0) | 
plg_content_finder (2.5.0) | IXXO Homepage Products Plugin (1.0.2) | plg_content_joomla (2.5.0) | plg_content_pagenavigation (2.5.0) |
Templates Discovered :: wrote:Templates :: SITE :: beez5 (2.5.0) | atomic (2.5.0) | eshopper (1.0) | beez_20 (2.5.0) |
Templates :: ADMIN :: hathor (2.5.0) | bluestork (2.5.0) |

mandville
Joomla! Master
Posts: 14781
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: How To Check Data Base For SQL Injections

Post by mandville » Wed Oct 29, 2014 6:11 pm

Can you compare your current db with a backup?
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

ReelTackle
Joomla! Apprentice
Posts: 8
Joined: Mon Sep 15, 2014 2:33 am

Re: How To Check Data Base For SQL Injections

Post by ReelTackle » Wed Oct 29, 2014 11:58 pm

Hi Mandville
That is part of my problem.
The DB is over 500mb and contains a shopping cart so it is constantly changing every time something happens on the website.
A DB file is vastly different from the previous backup file although I guess the Joomla tables would be fairly constant.
I will look into it and see what I can do.
Thanks
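
Added example (not part of the original posts): one way to compare only the slow-changing Joomla user tables between a restored backup and the live database, ignoring the shopping-cart tables. It uses SQLite in memory so it runs anywhere; the `jos_` prefix, the Super Users group id 8 and all sample rows are assumptions or constructed data, and on MySQL the same joins work across two databases.

```python
import sqlite3

PREFIX = "jos_"          # assumption: table prefix; use your site's own prefix
SUPER_USERS_GROUP = 8    # assumption: default "Super Users" group id

def load(con, schema, users, group_map):
    """Create the two user tables in one attached schema and fill them."""
    con.execute(f"CREATE TABLE {schema}.{PREFIX}users "
                "(id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)")
    con.execute(f"CREATE TABLE {schema}.{PREFIX}user_usergroup_map "
                "(user_id INTEGER, group_id INTEGER)")
    con.executemany(f"INSERT INTO {schema}.{PREFIX}users VALUES (?,?,?,?)", users)
    con.executemany(f"INSERT INTO {schema}.{PREFIX}user_usergroup_map VALUES (?,?)", group_map)

def compare(con):
    """Return (accounts that gained Super User rights, accounts whose login data changed)."""
    new_admins = con.execute(f"""
        SELECT u.id, u.username
        FROM live.{PREFIX}user_usergroup_map m
        JOIN live.{PREFIX}users u ON u.id = m.user_id
        LEFT JOIN bak.{PREFIX}user_usergroup_map b
               ON b.user_id = m.user_id AND b.group_id = m.group_id
        WHERE m.group_id = ? AND b.user_id IS NULL
        ORDER BY u.id""", (SUPER_USERS_GROUP,)).fetchall()
    changed = con.execute(f"""
        SELECT l.id, l.username
        FROM live.{PREFIX}users l JOIN bak.{PREFIX}users b ON b.id = l.id
        WHERE l.password <> b.password OR l.email <> b.email
        ORDER BY l.id""").fetchall()
    return new_admins, changed

def demo():
    con = sqlite3.connect(":memory:")
    for schema in ("bak", "live"):
        con.execute(f"ATTACH DATABASE ':memory:' AS {schema}")
    # Constructed sample rows: backup snapshot vs. current state.
    load(con, "bak", [(42, "admin", "owner@example.test", "hashA"),
                      (100, "alice", "alice@example.test", "hashB")],
         [(42, 8), (100, 2)])
    load(con, "live", [(42, "admin", "owner@example.test", "hashA-changed"),
                       (100, "alice", "alice@example.test", "hashB"),
                       (101, "bob", "bob@example.test", "hashC"),
                       (102, "support2", "s2@example.test", "hashD")],
         [(42, 8), (100, 2), (101, 2), (102, 8)])
    return compare(con)

if __name__ == "__main__":
    print(demo())
```

New customer accounts such as `bob` are expected on a shop and are not reported; a new Super User or a changed administrator password or email is what deserves a closer look.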

Slackervaara
Joomla! Guru
Posts: 994
Joined: Sat Aug 13, 2011 6:27 am

Re: How To Check Data Base For SQL Injections

Post by Slackervaara » Sun Nov 30, 2014 7:57 pm

If an email was sent out, you know the exact time when this happened. Look in the access log of your host for that time and check what happened then. Did someone log in as administrator or super user, for instance?
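
Added example (not part of the original post): a small triage script for the access-log check suggested above. It pulls every request within a window around the time the email went out and separates POSTs to the administrator back end. The log lines, IP addresses and incident time are constructed, and it assumes Apache combined log format and that an administrator login shows up as a POST under `/administrator/`.

```python
import re
from datetime import datetime, timedelta

# Apache common/combined log format: ip, identd, user, [time], "request", status
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [29/Oct/2014:01:00:12 +1000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [29/Oct/2014:03:02:41 +1000] "POST /administrator/index.php HTTP/1.1" 303 -
203.0.113.9 - - [29/Oct/2014:03:03:05 +1000] "GET /administrator/index.php?option=com_users HTTP/1.1" 200 8342
198.51.100.7 - - [29/Oct/2014:03:09:30 +1000] "GET /index.php?option=com_content HTTP/1.1" 200 4100
203.0.113.9 - - [29/Oct/2014:09:30:00 +1000] "GET / HTTP/1.1" 200 5120
""".splitlines()

# Constructed incident time: when the unexpected email was sent.
INCIDENT = datetime.strptime("29/Oct/2014:03:10:00 +1000", TS_FORMAT)

def requests_near(lines, incident, minutes=15):
    """Return parsed requests within +/- `minutes` of the incident time."""
    window = timedelta(minutes=minutes)
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        if abs(ts - incident) <= window:
            hits.append((ts, m["ip"], m["method"], m["path"], int(m["status"])))
    return hits

def admin_posts(hits):
    """Requests that submitted data to the back end (logins, saves, mass mail)."""
    return [h for h in hits if h[2] == "POST" and h[3].startswith("/administrator/")]

if __name__ == "__main__":
    for ts, ip, method, path, status in admin_posts(requests_near(SAMPLE_LOG, INCIDENT)):
        print(ts.isoformat(), ip, method, path, status)
```

Any IP address that turns up in `admin_posts` can then be searched for across the whole log to see what else it requested before and after the email went out.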

