Help! Dangerous File Inclusion issue...

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
kitecloud
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Feb 11, 2010 8:01 am

Help! Dangerous File Inclusion issue...

Postby kitecloud » Fri Feb 12, 2010 6:12 am

Hello, everyone.

I got a security alert with "Dangerous File Inclusion" by using security software. It means that an attacker can take complete control of the dynamic include statement by supplying a malicious value for controller that causes the program to include a file from an external site. The report pointed out that the code in base file of componenet such as :

Code: Select all

require_once( JPATH_COMPONENT.DS.'controller.php' );
 
// Require specific controller if requested
if($controller = JRequest::getVar('controller')) {
    $path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
    if (file_exists($path)) {
        require_once $path;
    } else {
        $controller = '';
    }
}
 
// Create the controller
$classname    = 'DownloadController'.$controller;
$controller   = new $classname( );


But the code was that I copied from the Joomla hello world component. How could I fix this issue? :(

User avatar
lafrance
Joomla! Ace
Joomla! Ace
Posts: 1116
Joined: Thu Jan 11, 2007 5:02 pm
Location: Alberta,Canada
Contact:

Re: Help! Dangerous File Inclusion issue...

Postby lafrance » Fri Feb 12, 2010 6:39 am

Hello.

1. Run the forum post assistant and security tool

2. Ensure you have the latest version of Joomla. We recommend update manager

3. Review Vulnerable Extensions List

4. Review and action Security Checklist checklist 7 to make sure you've gone through all of the steps.

5. Change all passwords and if possible user names for the website host control panel and your Joomla site.This include FTP,Cpanel etc.

6. Use proper permissions on files and directories. They should be max permissions of 644 for files & 755 for folders with no exceptions.

7.to reset your admin password http://docs.joomla.org/How_do_you_recov ... assword%3F

8.viewtopic.php?f=428&t=272481
VEL contributor @ http://docs.joomla.org/Investigation_of_exploits
OSM,Trademark and Licensing Team,jed editor
Please no pm direct contact irc freenode.net #joomla

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14260
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Help! Dangerous File Inclusion issue...

Postby mandville » Fri Feb 12, 2010 5:22 pm

kitecloud wrote:Hello, everyone.
I got a security alert with "Dangerous File Inclusion" by using security software.


what security software, who made it, where did you get it from?
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

jeffchannell
Joomla! Ace
Joomla! Ace
Posts: 1964
Joined: Tue Jun 09, 2009 2:21 am
Location: WV
Contact:

Re: Help! Dangerous File Inclusion issue...

Postby jeffchannell » Fri Feb 12, 2010 7:53 pm

Change this line:

Code: Select all

if($controller = JRequest::getVar('controller')) {

to

Code: Select all

if($controller = JRequest::getWord('controller')) {
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14260
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Help! Dangerous File Inclusion issue...

Postby mandville » Fri Feb 12, 2010 8:00 pm

jeff - does this need changing in the docs? eg as out of date etc?
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

jeffchannell
Joomla! Ace
Joomla! Ace
Posts: 1964
Joined: Tue Jun 09, 2009 2:21 am
Location: WV
Contact:

Re: Help! Dangerous File Inclusion issue...

Postby jeffchannell » Fri Feb 12, 2010 8:11 pm

I would say so - using the posted code results in a local file include if the "controller" variable is sent using a relative path ending in a NUL byte:

Code: Select all

index.php?option=com_component&controller=../../../.htaccess%00
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14260
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Help! Dangerous File Inclusion issue...

Postby mandville » Fri Feb 12, 2010 8:46 pm

missread that as a NO for a minute!
ok - i have changed the code so that all functions now look not for the variables but the actual words. also changed the text to idicate its a word variable and not just a "variable"
can you double check for me.. (thinking in plesk atm) and think the view command may be messed up as its looking for the variables and not the words.. i have also marked it for tech review
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

kitecloud
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Feb 11, 2010 8:01 am

Re: Help! Dangerous File Inclusion issue...

Postby kitecloud » Tue Feb 23, 2010 10:09 am

OK. I will fix this issue and try again. Thank you very much!


Return to “Security in Joomla! 1.5”

Who is online

Users browsing this forum: No registered users and 12 guests