SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Multiple CSRF in Joomla all versions - Complete compromise


Arrow  SecurityAlert : 3505
Arrow  CVE : CVE-2007-6642
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : No
Arrow  Credit : Zinho
Arrow  Published : 01.01.2008

Arrow  Affected Software : Joomla All (1.0.13 and 1.5 rc3 tested)



Arrow  Advisory Content :  

[HSC] Multiple CSRF in Joomla all versions - Complete compromise


Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Armando Romeo aka Zinho


Class: CSRF
Remote: Yes
Risk: HIGH

Product: Joomla
Version: All (1.0.13 and 1.5 rc3 tested)
Vendor: http://www.joomla.com
Patch: Joomla 1.5 RC4



"Joomla! is one of the most powerful Open Source Content Management
Systems on the planet. It is used all over the world for everything
from simple websites to complex corporate applications. Joomla! is easy
to install, simple to manage, and reliable"



Joomla is vulnerable to CSRF attacks into all of its released versions
including the RC3 of 1.5.


+] Affected areas

-Users
The attack allows everyone (no privileges needed) to add a new Super
Admin by just having a Super Admin visiting a url

-Extension installation
The attack allow everyone (no privileges needed) to upload an extension
from a remote location, thus having malicious PHP scripts on server.
Read PHP shell.

-Global configuration
The attack allows everyone (no privileges needed) to change all the
aspects of the site main configuration, including database configuration.

Defacement or complete portal compromise is possible including having
access to the database.


+] Notes

Joomla has been contacted on 12/4/2007. Fast and professional response
was given. Patched in SVN 4 days later and then with the RC4 release.
Time to face CSRF, community!

+] Patch

Patch of the above vulnerabilities is included into the RC4 release of
Joomla 1.5
As far as I know 1.0 has not been fixed so all the 1.0.x versions are
vulnerable and unpatched,
that's why I'm not including a POC here.

http://kit.hackerscenter.com - The most comprehensive security pack you
will ever find on the net!
--
----
Zinho

Webmaster and Founder

Hackers Center
Internet Security Portal
www.hackerscenter.com





Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.