
Joomla Sites Exploited By Critical Vulnerabilities

Posted by Pradeep Sadanapalli | August 23, 2008 | 396 views


Websites that use Joomla, an open source content management system, are vulnerable to the latest round of SQL injection attacks, says a security researcher.

Christoph Alme, a malware specialist at security firm Secure Computing, said, “There are more than five million Joomla pages out there.”

In the latest attack, discovered over the weekend by Secure Computing, the attackers used search engines to speed up their search for vulnerable web pages into which they could inject SQL statements that steal passwords to bank, game and other accounts.

The criminals searched for ASP.NET pages that contained vulnerable order forms and sign-on details. Once they discovered an unprotected page, they used it to place SQL code in the underlying database that recorded the personal details of visitors to the site. More than 14,000 web pages were infected in the weekend attack.

“There has been a big rise in SQL injection attacks this year,” Alme said. He said the current attack, which infected at least 20 popular UK sites, was dangerous because it was aimed at sites that people were likely to visit regularly.

“Government sites are as vulnerable as commercial sites,” he said. “The visitor may have visited the site last week without problems. This week he trusts the site, but is hit by a drive-by attack,” Alme said.

He said the criminals also hid malware in downloads of popular software such as QuickTime and RealPlayer.

Critical password-reset forgery issue:

Heads-up to Joomla users: There’s a patch out for a critical password-reset forgery issue that could compromise your content management system. Oh, by the way, it’s already being actively exploited.

The open-source group warns in an advisory that the issue affects Joomla version 1.5.5 and all previous 1.5 releases.

“This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately,” Joomla added. Exploit code is publicly available.

The details:

A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note that changing the first user's username may lessen the impact of this exploit (since the person who changed the password does not know the login associated with the new password).

However, Joomla maintainers warn that the only way to completely rectify the issue is to upgrade to version 1.5.6 or patch the /components/com_user/models/reset.php file.
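The advisory above describes a reset-token check that accepts a token which does not actually validate, and so resets whichever enabled user comes first. The following is an added example, written for this page and not code from Joomla (whose components are PHP): it contrasts a constructed illustration of that lookup pattern with a hardened check that validates token format first, binds the token to the user named in the request, and compares in constant time. The 32-hex-character token format, the one-hour lifetime and the in-memory user table are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import string

TOKEN_HEX_LEN = 32   # assumed token format: 32 hex characters
TOKEN_TTL = 3600     # assumed policy: a reset token is valid for one hour

# Constructed stand-in for a users table. Users with no pending reset keep an empty
# token field, which is exactly the state a "non-validating" token must not match.
USERS = {
    1: {"username": "admin", "reset_hash": "", "expires": 0},
    7: {"username": "editor", "reset_hash": "", "expires": 0},
}

def sha256_hex(value):
    return hashlib.sha256(value.encode()).hexdigest()

def weak_confirm(token):
    """Constructed illustration of the flawed pattern: find *any* enabled user whose
    stored field equals the submitted value, with no format check first. An empty
    submission matches every user with no pending reset, and the lowest id wins."""
    for uid in sorted(USERS):
        if USERS[uid]["reset_hash"] == token:
            return uid
    return None

def issue_token(uid, now):
    """Bind a fresh high-entropy token to one user; store only its hash and an expiry."""
    token = secrets.token_hex(TOKEN_HEX_LEN // 2)
    USERS[uid]["reset_hash"] = sha256_hex(token)
    USERS[uid]["expires"] = now + TOKEN_TTL
    return token

def confirm_reset(uid, token, now):
    """Hardened check: validate the format before any lookup, then compare against the
    token bound to the user named in the request, never against whichever row matches."""
    if not isinstance(token, str) or len(token) != TOKEN_HEX_LEN:
        return False
    if any(c not in string.hexdigits for c in token):
        return False
    user = USERS.get(uid)
    if user is None or not user["reset_hash"] or now > user["expires"]:
        return False
    if not hmac.compare_digest(user["reset_hash"], sha256_hex(token)):
        return False
    user["reset_hash"] = ""   # single use: invalidate on success
    user["expires"] = 0
    return True
```

The format check alone is what stops an empty or malformed submission from ever reaching the lookup; binding the token to a user id (or the e-mail the reset was requested for) is what stops a valid-looking token from landing on the lowest-id account.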

SOURCES:
ComputerWeekly.COM
ZDnet

Topics: What's UP, Information Technology
