
Com_media problem

Posted: Tue Nov 18, 2014 9:46 pm
by weBmeddem12
Hi,
I've been having a problem for many months with a com_media exploit on (currently) Joomla 2.5.27. I have followed all the instructions in terms of cleaning up a site. No out of date components/plugins, all unused extensions uninstalled. I have a ridiculous username and password, a Stop Brute Force component and a firewall (added after the hack, so while nothing new is coming in, something is still there from before.)

Today, I finally bit the bullet and upgraded the site to Joomla 3.3.6. But, no matter what I do, I can still see a page which is a form that I can upload images to:

http://www.mysite.com/index.php?option= ... r=&folder=

I have seen plenty of videos on how to exploit this vulnerability but no solutions on how to fix it once you have it. I realise it was plugged several versions ago, but the Joomla upgrades do not help me, and redirects don’t work either.

Does anyone have a solution?
Kind regards

Re: Com_media problem

Posted: Tue Nov 18, 2014 11:34 pm
by mandville
If you think it's a core exploit contact developer.joomla.org/security.
If you think it's a VEL issue, contact vel.joomla.org.
include a link to the videos and what you did to resolve the issue before

Re: Com_media problem

Posted: Wed Nov 19, 2014 1:06 am
by RedEye
weBmeddem12 wrote: Does anyone have a solution?
Yes, fix your permissions! Unauthenticated users do not have access to the media manager unless you give it to them...

Re: Com_media problem

Posted: Wed Nov 19, 2014 1:42 am
by mandville
1. run and post the fpa
2. from a clean installation, install admintools / aclmanager
3. run a permissions fix from admintools.
4. run an audit using acl manager.
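To show what the "audit" and "permissions fix" steps above actually look for, here is an added Python example (not code from the thread or from the Admin Tools / ACL Manager extensions). It inspects the JSON `rules` column of Joomla's `#__assets` table for the `root.1` and `com_media` assets and flags any explicit allow given to the groups an unauthenticated visitor belongs to. The group IDs (Public = 1, Guest = 9), the action names (`core.admin`, `core.manage`, `core.create`) and the table layout are assumptions based on Joomla 3.x defaults; the two sample rows are constructed, not taken from a real site.

```python
import json

# Joomla 3.x default IDs of the groups an unauthenticated visitor is in.
# Assumption: a site whose groups were re-created may use other IDs; check #__usergroups.
UNAUTHENTICATED_GROUPS = {1: "Public", 9: "Guest"}

# Actions that let someone open the Media Manager or upload into it (assumed names).
MEDIA_ACTIONS = ("core.admin", "core.manage", "core.create")

# Constructed sample of what
#   SELECT name, rules FROM <prefix>_assets WHERE name IN ('root.1', 'com_media');
# might return on a site where someone granted com_media uploads to Public ("1":1).
# root.1 is loosely modelled on a default 3.x install; it is not an exact copy.
SAMPLE_ASSETS = {
    "root.1": '{"core.login.site":{"6":1,"2":1},"core.login.admin":{"6":1},'
              '"core.admin":{"8":1},"core.manage":{"7":1},"core.create":{"6":1,"3":1},'
              '"core.delete":{"6":1},"core.edit":{"6":1,"4":1}}',
    "com_media": '{"core.admin":{"7":1},"core.manage":{"6":1},'
                 '"core.create":{"3":1,"1":1},"core.delete":{"6":1}}',
}


def find_public_media_grants(assets):
    """Return (asset, action, group) triples where an unauthenticated group is explicitly allowed.

    Both the root asset and com_media are checked, because com_media inherits
    anything root.1 grants and does not itself override.
    """
    findings = []
    for asset_name, rules_json in assets.items():
        rules = json.loads(rules_json) if rules_json else {}
        for action in MEDIA_ACTIONS:
            for group_id, allowed in rules.get(action, {}).items():
                gid = int(group_id)
                if gid in UNAUTHENTICATED_GROUPS and int(allowed) == 1:
                    findings.append((asset_name, action, UNAUTHENTICATED_GROUPS[gid]))
    return findings


def revoke_public_grants(rules_json):
    """Return the rules JSON with every allow (1) for an unauthenticated group removed.

    Explicit denies (0) are kept, since a deny is the safer state. The result is
    what you would write back to the asset's rules column after taking a backup.
    """
    rules = json.loads(rules_json) if rules_json else {}
    for grants in rules.values():
        for gid in list(grants):
            if int(gid) in UNAUTHENTICATED_GROUPS and int(grants[gid]) == 1:
                del grants[gid]
    # Joomla stores the JSON without whitespace; keep the same shape.
    return json.dumps(rules, separators=(",", ":"))


if __name__ == "__main__":
    for asset, action, group in find_public_media_grants(SAMPLE_ASSETS):
        print(f"{asset}: {action} is allowed for {group}")
    print("fixed com_media rules:", revoke_public_grants(SAMPLE_ASSETS["com_media"]))
```

On the sample data the audit reports that `com_media` allows `core.create` for Public, which is exactly the state in which the upload form is reachable without logging in; the corrected rules string is what the "permissions fix" step would leave behind. Run the same check against the real rows from your database (and against `#__usergroups` to confirm the group IDs) rather than trusting the constructed sample.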

Re: Com_media problem

Posted: Wed Nov 19, 2014 8:26 am
by weBmeddem12
Thanks for your responses. You have given me an idea, I think it could be a permissions issue that was messed with during the original hack. However, I was a bit stupid to try this when I'm about to go on leave ;) Will respond when I'm back - it's a large site.

As for where the videos are: Just Google "Joomla com_media hack". First thing that comes up is a [youtube] tutorial, and there are plenty of them. But, I think that the original vulnerability was plugged last year. You are just in trouble if you got nailed before upgrading or have your site with a bad host, as was the case with this site.

Re: Com_media problem

Posted: Wed Nov 19, 2014 12:03 pm
by RedEye
weBmeddem12 wrote: But, I think that the original vulnerability was plugged last year.
Right, there was a "vulnerability" with uploading files if you add a dot to the end. However, only authenticated users should have access to the media manager... means if you can see the upload form with the link you posted it's your fault because you gave access to public, fix it and you're good...