Com_media problem

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

weBmeddem12
Joomla! Fledgling
Posts: 2
Joined: Tue Nov 18, 2014 8:00 pm

Com_media problem

Post by weBmeddem12 » Tue Nov 18, 2014 9:46 pm

Hi,
I've been having a problem for many months with a com_media exploit on (currently) Joomla 2.5.27. I have followed all the instructions in terms of cleaning up a site. No out of date components/plugins, all unused extensions uninstalled. I have a ridiculous username and password, a Stop Brute Force component and a firewall (added after the hack, so while nothing new is coming in, something is still there from before.)

Today, I finally bit the bullet and upgraded the site to Joomla 3.3.6. But, no matter what I do, I can still see a page which is a form that I can upload images to:

http://www.mysite.com/index.php?option= ... r=&folder=

I have seen plenty of videos on how to exploit this vulnerability but no solutions on how to fix it once you have it. I realise it was plugged several versions ago, but the Joomla upgrades do not help me, and redirects don’t work either.

Does anyone have a solution?
Kind regards

mandville
Joomla! Master
Posts: 14819
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Com_media problem

Post by mandville » Tue Nov 18, 2014 11:34 pm

If you think it's a core exploit, contact developer.joomla.org/security.
If you think it's a VEL issue, contact vel.joomla.org.
Include a link to the videos and what you did to resolve the issue before.
HU2HY- Poor questions = Poor answer
Unrequested Help PMs will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

RedEye
Joomla! Ace
Posts: 1460
Joined: Sat Jan 21, 2006 8:42 pm

Re: Com_media problem

Post by RedEye » Wed Nov 19, 2014 1:06 am

weBmeddem12 wrote: Does anyone have a solution?
Yes, fix your permissions! Unauthenticated users do not have access to the media manager unless you give it to them...

mandville
Joomla! Master
Posts: 14819
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Com_media problem

Post by mandville » Wed Nov 19, 2014 1:42 am

1. Run and post the FPA.
2. From a clean installation, install Admin Tools / ACL Manager.
3. Run a permissions fix from Admin Tools.
4. Run an audit using ACL Manager.
HU2HY- Poor questions = Poor answer
Unrequested Help PMs will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

weBmeddem12
Joomla! Fledgling
Posts: 2
Joined: Tue Nov 18, 2014 8:00 pm

Re: Com_media problem

Post by weBmeddem12 » Wed Nov 19, 2014 8:26 am

Thanks for your responses. You have given me an idea: I think it could be a permissions issue that was messed with during the original hack. However, I was a bit stupid to try this when I'm about to go on leave ;) Will respond when I'm back - it's a large site.

As for where the videos are: just Google "Joomla com_media hack". The first thing that comes up is a [youtube] tutorial, and there are plenty of them. But I think the original vulnerability was plugged last year. You are just in trouble if you got nailed before upgrading or have your site with a bad host, as was the case with this site.

RedEye
Joomla! Ace
Posts: 1460
Joined: Sat Jan 21, 2006 8:42 pm

Re: Com_media problem

Post by RedEye » Wed Nov 19, 2014 12:03 pm

weBmeddem12 wrote: But I think the original vulnerability was plugged last year.
Right, there was a "vulnerability" with uploading files if you add a dot to the end. However, only authenticated users should have access to the media manager... which means if you can see the upload form with the link you posted, it's your fault because you gave access to Public. Fix it and you're good...
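The permissions check RedEye and mandville are pointing at, as an added example that is not part of this thread: it reads the JSON `rules` column Joomla keeps in the `#__assets` table, merges `root.1` into `com_media` the way Joomla's ACL does (an explicit deny on a group is sticky), and reports any media-manager action that ends up granted to the Public or Guest group. The group ids 1 (Public) and 9 (Guest) are the defaults and are an assumption; the two sample rows are constructed.

```python
"""Audit Joomla #__assets ACL rules for media-manager actions granted to Public.

Added example, not the thread's or Joomla's own code. Joomla stores each
asset's rules as JSON, e.g. {"core.create":{"6":1,"1":1}}, mapping
action -> {group id: 1 allow / 0 deny}. Group ids below are the defaults
(assumption); check #__usergroups on your own site.
"""
import json

# Actions that let a group reach or use the media manager's upload form.
MEDIA_ACTIONS = ("core.admin", "core.manage", "core.create", "core.delete")
UNTRUSTED_GROUPS = {"1": "Public", "9": "Guest"}  # default ids, assumption


def merge_chain(chain):
    """Merge rules from root.1 down to the asset as Joomla's ACL does:
    a later asset overrides an earlier one per group, except that an
    explicit deny (0) already recorded for a group can never be re-granted."""
    merged = {}
    for rules_json in chain:
        rules = json.loads(rules_json) if rules_json else {}
        for action, groups in rules.items():
            acc = merged.setdefault(action, {})
            for gid, allow in groups.items():
                if acc.get(gid) != 0:  # deny is sticky
                    acc[gid] = int(allow)
    return merged


def audit(assets, target="com_media"):
    """assets: {asset name: rules JSON string}. Returns (action, group name)
    pairs where an untrusted group has an effective allow on `target`."""
    merged = merge_chain([assets.get("root.1", ""), assets.get(target, "")])
    findings = []
    for action in MEDIA_ACTIONS:
        for gid, label in UNTRUSTED_GROUPS.items():
            if merged.get(action, {}).get(gid) == 1:
                findings.append((action, label))
    return findings


# Constructed sample: the root grants only staff groups, but com_media was
# altered so that Public may create (upload) and Guest may delete.
SAMPLE_ASSETS = {
    "root.1": '{"core.admin":{"8":1},"core.manage":{"7":1},"core.create":{"6":1,"3":1}}',
    "com_media": '{"core.create":{"1":1},"core.delete":{"9":1}}',
}

if __name__ == "__main__":
    for action, group in audit(SAMPLE_ASSETS):
        print(f"WARNING: {group} has {action} on com_media")
```

An empty result means the upload form is only reachable by groups you chose to trust; anything else is the "you gave access to Public" case and should be corrected in the Global Configuration permissions (or the component's Options) before the site is considered clean.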
