Welcome to the JaguarPC Community

This is a discussion on SQL Injection Weaknesses Found in Mambo, Joomla in the Open Discussion & Chit-chat forum

  1. #1
    Vin DSL (Join Date: Mar 2003; Location: Arizona Uplands; Posts: 10,775)

    SQL Injection Weaknesses Found in Mambo, Joomla

    Source: http://news.netcraft.com/archives/20..._ joomla.html

    Potentially serious security flaws have been found in existing versions of the Mambo and Joomla content management systems, and developers of the two projects are advising users to install upgrades or security patches as soon as possible. Both programs are vulnerable to SQL injection attacks, which allow remote attackers to execute commands on the web server by typing SQL code into form fields. Joomla is a fork of Mambo, with both programs derived from the same code base...

    These applications are popular with web site owners because they are powerful, user-friendly, and can be installed by users with little or no PHP coding experience. They are also frequently targeted by Internet criminals seeking to crack web servers for use in botnets, phishing scams and distributed denial of service (DDoS) attacks.
    Mambo Patch: http://news.mamboserver.com/index.ph...tpage&Itemid=1

    Joomla! Upgrade: http://www.joomla.org/content/view/1510/74/
    Last edited by Vin DSL; 06-27-2006 at 05:34 PM.
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010
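The article quoted in post #1 describes the flaw only as "typing SQL code into form fields". The following is an added example, not code from the thread or from the Mambo/Joomla projects: it models in Python (with an in-memory SQLite table, a constructed stand-in for the real CMS schema) a menu-item lookup driven by a request parameter such as the `Itemid` seen in the patch URLs above, first with the value pasted into the SQL string and then with type validation plus a bound parameter.

```python
"""Vulnerable vs. hardened lookup of a CMS menu item by an 'Itemid'
request parameter, modelled on an in-memory SQLite database.
The table and rows are constructed for this example and do not
reflect the real Mambo/Joomla schema."""
import sqlite3


def make_db():
    # Constructed sample data: two published items and one unpublished draft.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE menu (id INTEGER PRIMARY KEY, name TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO menu VALUES (?, ?, ?)",
        [(1, "Home", 1), (2, "News", 1), (3, "Drafts", 0)],
    )
    return conn


def lookup_vulnerable(conn, itemid):
    # The request parameter is interpolated straight into the SQL text, so
    # whatever the client sends is parsed as SQL rather than treated as data.
    # A non-numeric value can change the WHERE clause and expose rows the
    # 'published = 1' condition was meant to hide.
    sql = f"SELECT id, name FROM menu WHERE published = 1 AND id = {itemid}"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, itemid):
    # Itemid is an integer by contract: reject anything that is not one,
    # then bind the value as a query parameter so the driver keeps it out
    # of the statement structure entirely.
    try:
        item = int(itemid)
    except (TypeError, ValueError):
        return []
    sql = "SELECT id, name FROM menu WHERE published = 1 AND id = ?"
    return conn.execute(sql, (item,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "3", "1 OR 1=1"):
        print(repr(value), "vulnerable:", lookup_vulnerable(db, value),
              "hardened:", lookup_hardened(db, value))
```

The vulnerable lookup returns all three rows, including the unpublished draft, for the malformed value, while the hardened one returns nothing for it and still serves the published item for a normal id.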

  2. #2
    Vin DSL (Join Date: Mar 2003; Location: Arizona Uplands; Posts: 10,775)
    Okay, here's the deal...

    Personally, I don't run Mambo. IMHO, Mambo is a loser!

    Heh! Do 'they' really think they can solve all their security vulns by adding two lines of code? Boneheads!

    However, I do run Joomla! It's a winner!

    In order to upgrade from Joomla! 1.0.3 -> 1.0.10, all I did was overwrite the files on JagPC with the files in the Joomla! 1.0.10 (full) distro... Simple pimple!

    When I logged in the first time, Joomla! told me to delete the installation directory and come back when I was done. Smart!

    After doing that, everything looked okay, so I logged on as an admin. Hrm... all of a sudden there were two VinDSL super admins?!?!? Dumb! Then, again, maybe somebody had already hacked my site, yes?

    I deleted the second VinDSL, and changed the password on the first VinDSL. Smart!

    That was it! If you're running Joomla! it's an easy fix!

    http://joomla.lenon.com/

  3. #3
    Jag Veteran (Join Date: Oct 2003; Posts: 633)
    Thanks for the heads-up, Vin. I'd have missed that until the weekend.
