Sure does, and works like a charm. Thanks!
[FIXED in 1.0.10] SQL Injection vulnerability Joomla! 1.0.9 Stable
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 19
- Joined: Mon Dec 26, 2005 11:59 pm
-
- Joomla! Intern
- Posts: 90
- Joined: Thu Jun 15, 2006 2:18 am
Re: [CONFIRMED] Is Joomla secure against that?
friesengeist wrote: Which one? The fix from the last post, or the one from post #36? #36 should work. You need to save the weblinks that have backslashes again though, without the backslashes...
Can you tell me if your fix corrects the weblinks display in the administration control panel? There is no weblinks class file in the admin interface, so I would think the display in the admin control panel would still display them incorrectly, unless I am wrong on this.
-
- Joomla! Guru
- Posts: 842
- Joined: Sat Sep 10, 2005 10:31 pm
Re: [CONFIRMED] Is Joomla secure against that?
ddmobley wrote: Can you tell me if your fix corrects the weblinks display in the administration control panel? There is no weblinks class file in the admin interface, so I would think the display in the admin control panel would still display them incorrectly, unless I am wrong on this.
The class file in /components/weblinks/weblinks.class.php is also used for the administrator part of your website. No need to duplicate code.
But as said before, it only comes to work when you resave weblink items without the backslashes in it. They won't go away magically
We may not be able to control the wind, but we can always adjust our sails
- Umbungo
- Joomla! Apprentice
- Posts: 47
- Joined: Fri Apr 11, 2008 8:11 am
Re: [FIXED in 1.0.10] SQL Injection vulnerability Joomla! 1.0.9
Hi everyone
I'm using the jDownloads component in Legacy mode on my Joomla 1.5.9 website.
Having found the website to be running extremely slowly, I installed SSRRN Free Anti-Hacker for Joomla 1.5 and it sent me tons of emails with the following:
IP Address: 74.6.18.254
URL: http://www.vaultfiles.com/index.php
Referer (if any): http://www.vaultfiles.com
Query String: option=com_jdownloads&Itemid=1&task=view.download&cid=203
Violation: Injection - [0]
Each mail contained a different IP address and the Query String had different cid numbers on the end. When I restored the SQL to an earlier version I found the website to run smoothly again.
I'm very novice at SQL queries and I have informed 'Arno' (creator of jDownloads) of the issue, but I'm sure he hasn't had time to see my post yet.
Can anyone help me get to the bottom of what's causing this? I have seen similar catid code within jDownloads that's similar to what's mentioned on page three of this forum post.
infograf768 - I have seen so many of your posts in the past and they have been of great help to me, you are a Joomla star.
A note on hackers: I personally think that hacking should be recognised as a mental disorder. People that do so are not mentally equipped to be proper members of society and should get the mental care they need to help them reform back into society. I feel very sorry for such individuals, as I'm sure they are unaware of just how sad it is to hack a website.
- infograf768
- Joomla! Master
- Posts: 19133
- Joined: Fri Aug 12, 2005 3:47 pm
- Location: **Translation Matters**
Re: [FIXED in 1.0.10] SQL Injection vulnerability Joomla! 1.
I suggest you save your time by forgetting about Joomla 1.0.x, an outdated version that is not maintained any more.
Use 1.5.23, or 1.7.0
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
- mandville
- Joomla! Master
- Posts: 15153
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: [FIXED in 1.0.10] SQL Injection vulnerability Joomla! 1.
topic locked due to age
HU2HY- Poor questions = Poor answer
Unrequested Help PMs will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.putterspalace.co.uk/