Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Locked
pisdoktor
Joomla! Explorer
Posts: 349
Joined: Fri Aug 19, 2005 8:41 am
Location: Denizli -Türkiye | C* |

Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by pisdoktor » Sun Aug 20, 2006 10:34 pm

If you use the Link Directory component and the component version is 1.0.3 or older:

- open toolbar.linkdirectory.html.php

- add this after line 8:


defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
or upgrade to 1.1.0.

Regards
Soner
http://www.sonerekici.com - Personel Web Site

ericcfs2
Joomla! Apprentice
Posts: 5
Joined: Thu Jul 13, 2006 8:21 pm

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by ericcfs2 » Fri Aug 25, 2006 12:27 pm

I was hacked today, this morning, and they defaced the web site.
They put a lot of files in /administrator/com_linkdirectory.
I looked for an upgrade of the component; the new version is 1.1.0,
and some files in this version don't have
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
so it's not very serious :(

pisdoktor
Joomla! Explorer
Posts: 349
Joined: Fri Aug 19, 2005 8:41 am
Location: Denizli -Türkiye | C* |

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by pisdoktor » Fri Aug 25, 2006 5:03 pm

Which files?
http://www.sonerekici.com - Personel Web Site

ericcfs2
Joomla! Apprentice
Posts: 5
Joined: Thu Jul 13, 2006 8:21 pm

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by ericcfs2 » Fri Aug 25, 2006 5:24 pm

In the component there is a sub-directory named savant.
All files in this directory and its sub-directories don't have the line.

eric
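
An added example, not part of the original thread and not the component author's code: a Python audit that lists the `.php` files under a component directory lacking the `_VALID_MOS` guard discussed above, which is how unguarded files such as those under `savant` can be found. The sample tree is constructed, and every file name in it other than `toolbar.linkdirectory.html.php` and the `savant` directory is made up.

```python
import re
import tempfile
from pathlib import Path

# Matches: defined( '_VALID_MOS' ) or die(...)  and  defined("_VALID_MOS") || exit(...)
GUARD = re.compile(
    r"""defined\s*\(\s*['"]_VALID_MOS['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b""", re.IGNORECASE
)
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
LINE_COMMENT = re.compile(r"^\s*(?://|#).*$", re.MULTILINE)  # whole-line comments only


def has_guard(source: str) -> bool:
    """True if the guard appears in live code, not only inside a comment."""
    code = BLOCK_COMMENT.sub("", source)
    code = LINE_COMMENT.sub("", code)
    return GUARD.search(code) is not None


def unguarded_php_files(root) -> list:
    """Sorted relative paths of .php files under root that lack the guard."""
    root = Path(root)
    missing = []
    for path in root.rglob("*.php"):
        text = path.read_text(encoding="utf-8", errors="replace")
        if not has_guard(text):
            missing.append(path.relative_to(root).as_posix())
    return sorted(missing)


def build_sample_tree(root) -> None:
    """Constructed sample layout; names other than the toolbar file are made up."""
    guard = "defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );"
    files = {
        "toolbar.linkdirectory.html.php": f"<?php\n{guard}\nclass menu {{}}\n",
        "savant/Example.php": "<?php\nclass Example {}\n",
        "savant/plugins/commented.php": f"<?php\n// {guard}\necho 1;\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel in unguarded_php_files(tmp):
            print("missing _VALID_MOS guard:", rel)
```

A clean report means only that each file carries the guard; it says nothing about other flaws in the component.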

pisdoktor
Joomla! Explorer
Posts: 349
Joined: Fri Aug 19, 2005 8:41 am
Location: Denizli -Türkiye | C* |

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by pisdoktor » Fri Aug 25, 2006 6:36 pm

You are right, Eric ;) I will fix it as soon as possible. Thanks
http://www.sonerekici.com - Personel Web Site

ericcfs2
Joomla! Apprentice
Posts: 5
Joined: Thu Jul 13, 2006 8:21 pm

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by ericcfs2 » Fri Aug 25, 2006 7:46 pm

No problem, it's a nice component :)

jkrobin
Joomla! Apprentice
Posts: 33
Joined: Mon Aug 29, 2005 3:10 pm

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by jkrobin » Wed Sep 13, 2006 9:52 am

Has there been an update to Link Directory to address this issue (and the same issue in the component's 'savant' directory)?

Thanks,

jkrobin

choomla
Joomla! Explorer
Posts: 308
Joined: Wed Feb 22, 2006 7:11 pm
Location: Gothenburg, Kingdom of Sweden

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by choomla » Mon Sep 25, 2006 12:56 pm

I also would like to know, is it safe to use the BETA version????

annunaki
Joomla! Intern
Posts: 89
Joined: Sun Oct 23, 2005 9:08 pm
Location: België

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by annunaki » Thu Oct 26, 2006 9:36 am

I would like to know it too, the linkdirectory component seems to have disappeared from the extensions directory...?

pisdoktor
Joomla! Explorer
Posts: 349
Joined: Fri Aug 19, 2005 8:41 am
Location: Denizli -Türkiye | C* |

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by pisdoktor » Thu Oct 26, 2006 10:42 am

I am sorry, but I do not have time to develop any component or module for Joomla... My web site is down now and I do not provide support to you for some components and modules :(

I have some personal problems. Thanks for your understanding.

Regards
Soner
http://www.sonerekici.com - Personel Web Site

tedmcdonald
Joomla! Apprentice
Posts: 6
Joined: Mon Jul 31, 2006 9:41 pm

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by tedmcdonald » Sun Nov 19, 2006 3:11 am

Is Link Directory safe to use?  Is it repairable?

Please let me know.  I got hacked.

Ted

annunaki
Joomla! Intern
Posts: 89
Joined: Sun Oct 23, 2005 9:08 pm
Location: België

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by annunaki » Tue Nov 21, 2006 10:56 pm

pisdoktor wrote: I am sorry, but I do not have time to develop any component or module for Joomla... My web site is down now and I do not provide support to you for some components and modules :(

I have some personal problems. Thanks for your understanding.

Regards
Soner
Hi Soner,

I see that your site is online (again), have you started working on the components again?

best,
annunaki

pisdoktor
Joomla! Explorer
Posts: 349
Joined: Fri Aug 19, 2005 8:41 am
Location: Denizli -Türkiye | C* |

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by pisdoktor » Wed Nov 22, 2006 6:47 am

Hi,
I have started working on the component, but slowly :( Some modules are not complete and the Link Directory component is already beta. Please give me 1 month ;) I want to add some extra stuff into the component and modules ;)

thanks
soner
http://www.sonerekici.com - Personel Web Site

SZippy
Joomla! Intern
Posts: 78
Joined: Sun Jul 23, 2006 2:36 am

Re: Link Directory Component: Vulnerable File =>toolbar.linkdirectory.html.php

Post by SZippy » Sun Jan 28, 2007 5:14 pm

Hello Soner,

I also have been hacked here but on the original LinkDirectory >:( 
It had the line // no direct access defined( '_VALID_MOS' ) or die( 'Restricted access' ); in all the php files but they found a way through the administrator/components/com_linkdirectory/toolbar.linkdirectory.php. They installed IRC bots and Phishing directories to PayPal and a bank. The site was shut down on Saturday by the hosting service. We are still working on the site cleaning it out but we may decide to install a new 1.0.12 Joomla again just in case we missed something.
What would be the easiest way to upgrade your component to the new and safer version? I noticed that after installing the newer version in a new site it responded quite differently. Can I duplicate the layout of the original component if I upgrade and will I be able to keep the layout and not lose all the links from the database? I have quite a few of them in the directories, probably close to 100 links. This is the best component available for link listings and I would hate to have to rework everything with a different link component.
Any help would be greatly appreciated.

SZippy


Update: I renamed the original folders in the admin component dir and in the components dir. I reinstalled the new Link Directory and it worked fine. The only thing is there are extra features that were not in the original. This is not a problem at all. So hopefully this moron who hacked the directory does not get in again. If there is anything I should know about security issues with the new version please post the fix here.
Last edited by SZippy on Mon Jan 29, 2007 12:08 am, edited 1 time in total.

