Joomla tags

a real free joomla tag system

 Joomla Tags Support Forum :: Bugs Report
Subject: security vulnerability in joomla tags.. 2011-08-05 07:45:31
gelembjuk
Apprentice
Joined: 2011-08-05 13:37:42
Posts: 1
Hi,

My site was hacked using an SQL injection vulnerability in the Joomla Tags component.

I have updated the component to the latest version (1.3.3), but the problem is still there.

This is the file components/com_tag/views/tag/view.html.php

function getTagsForArticle

The variable $cid is not checked, and any string can be inserted into the SQL query.

The hacker used something like this:

/index.php?option=com_tag&controller=tag&task=add&article_id=-260479/**//*!union*//**//*!select*//**/concat(username,0x3a,password,0x3a,usertype)/**/from/**/njos_users/**/&tmpl=component

This allowed him to get or change the password for the admin user. After this call he was able to log in to my site as the admin user.

I made a simple fix to the code on my site:

function getTagsForArticle(){
    $cid=JRequest::getString('article_id');
    // cast to integer so only a number can reach the SQL query
    $cid=strval(intval($cid));
    // clamp negative values to 0
    if($cid<0) $cid=0;
IP Logged
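
The pattern described in the post above, next to a hardened form, as an added example that is not part of the original post or the component's code. It uses PHP's PDO with an in-memory SQLite database; the table names, data and the functions tagsUnsafe/tagsSafe are constructed for illustration (inside Joomla 1.5 the request value can be read as an integer with JRequest::getInt('article_id', 0)).

```php
<?php
// Constructed schema and data for illustration; not the component's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tags (article_id INTEGER, name TEXT)');
$db->exec('CREATE TABLE users (username TEXT, password TEXT)');
$db->exec("INSERT INTO tags VALUES (7, 'security')");
$db->exec("INSERT INTO users VALUES ('admin', 'constructed-hash')");

// Vulnerable pattern: the request string is concatenated into the SQL text,
// so anything after the number is parsed as SQL.
function tagsUnsafe(PDO $db, $articleId) {
    $sql = 'SELECT name FROM tags WHERE article_id = ' . $articleId;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: accept only a non-negative integer, then bind it as a
// parameter so the value can never become part of the SQL text.
function tagsSafe(PDO $db, $articleId) {
    $id = filter_var($articleId, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 0)));
    if ($id === false) {
        return array();   // reject malformed input instead of guessing
    }
    $stmt = $db->prepare('SELECT name FROM tags WHERE article_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input with the same shape as the request quoted in the post.
$payload = "-1/**/union/**/select/**/username||':'||password/**/from/**/users";

echo "unsafe, hostile input:\n";
print_r(tagsUnsafe($db, $payload));   // the UNION part runs as SQL
echo "safe, hostile input:\n";
print_r(tagsSafe($db, $payload));     // rejected before any query is built
echo "safe, valid input:\n";
print_r(tagsSafe($db, '7'));
echo "poster's cast applied to the hostile input:\n";
var_dump(strval(intval($payload)));   // only the leading integer survives
```

The integer cast in the post closes this particular parameter; binding parameters as in tagsSafe also protects queries whose inputs are not numeric.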