Free Web Hosting Forum
(#1)
Bad Karma[CORE]
Joomla 1.5x Exploit found - 08-14-2008, 03:57 PM

There is a Joomla Exploit around that you should be aware of. It works on any Joomla 1.5.x version.

It allows you to change the admin password without much effort, so you should secure the admin account by either downgrading it usergroup-wise or renaming it to something random with phpmyadmin.

Here is one of two pieces of code that make this exploit possible:

PHP Code:
Line 379-399

    function confirmreset()
    {
        // Check for request forgeries
        JRequest::checkToken() or die( 'Invalid Token' );

        // Get the input
        $token = JRequest::getVar('token', null, 'post', 'alnum');    // <--- {1}

        // Get the model
        $model = &$this->getModel('Reset');

        // Verify the token
        if ($model->confirmReset($token) === false)    // <--- {2}
        {
            $message = JText::sprintf('PASSWORD_RESET_CONFIRMATION_FAILED', $model->getError());
            $this->setRedirect('index.php?option=com_user&view=reset&layout=confirm', $message);
            return false;
        }

        $this->setRedirect('index.php?option=com_user&view=reset&layout=complete');
    }


(#2)
dalp
08-16-2008, 01:00 PM

Thanks for the tip.
Joomla have released 1.5.6 as a security release. Do you know if this addresses this exploit?
(#3)
Bad Karma[CORE]
08-16-2008, 02:08 PM

I don't think it's been addressed in 1.5.6. You wouldn't have a Joomla installation of 1.5.6 at hand for me to test, would you?


(#4)
dalp
08-16-2008, 03:43 PM

Easily arranged! Will PM you the details.
(#5)
Bad Karma[CORE]
08-16-2008, 03:50 PM

Fixed in 1.5.6 apparently, so everyone should consider upgrading to the latest release.
Latest version I could make the exploit work on was 1.5.5, so anyone running a version prior to 1.5.5 please upgrade.

Here is the exploit announcement from Joomla.org:
http://developer.joomla.org/security...tionality.html




Last edited by Bad Karma[CORE]; 08-16-2008 at 04:29 PM.
(#6)
dalp
08-16-2008, 06:57 PM

Thanks for your efforts Bad Karma