|AN OFFICIAL CONTRADICTION OF JOOMSPORT VULNERABILITY!|
|Friday, 29 June 2012 18:07|
Dear JoomSport fans,
An article about a JoomSport vulnerability was spread over the Internet a few weeks ago. It claims two issues; neither of them works, for the reasons below.
1. The first announced vulnerability is Shell upload
The claim: a file can be written to disk through the script imgres.php, which generates thumbnails.
Why it doesn't work: this is impossible, because the script calls no PHP function that reads and saves a file sent by an attacker. It works only with files that are already on disk; if a file that has not been saved to disk is passed to it, an error occurs.
It was also alleged that the uploaded shell would land in the folder /components/com_joomsport/images/, but no such folder exists in the JoomSport component, and it is not created during the component's operation.
2. The second announced vulnerability is Blind SQL Injection
The claim: a direct request to the file func.php with specially crafted parameters executes an arbitrary SQL statement.
Why it doesn't work: this is impossible, because direct calls to func.php are not allowed. Such a request only returns the error 'Restricted access', since the line "defined( '_JEXEC' ) or die( 'Restricted access' );" stands at the very top of the file.
Moreover, the file contains only function definitions and no calls to them, so even if it could be called directly, nothing would execute.
Likewise, no function in the file could run an SQL query on a direct call, because the file does not initialize a database connection. Joomla initializes the database connection, invokes the component, and the component then uses the functions in this file.
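To show what the _JEXEC guard actually does, here is an added example (not JoomSport's or Joomla's own code) that writes a constructed stand-in for a guarded helper file to a temp directory and includes it two ways: once by running it directly, as an attacker's request would, and once after the entry point has defined _JEXEC, as Joomla's index.php does. The helper name demo_helper, the temp path and the file contents are assumptions for the demonstration.

```php
<?php
// Added example: how the Joomla _JEXEC guard turns a direct request into "Restricted access".
// Not JoomSport code; func.php here is a constructed stand-in with the same shape
// (guard first, then function definitions only, no top-level calls).

$dir = sys_get_temp_dir() . '/jexec_demo_' . getmypid();
mkdir($dir);

$helperSource = <<<'PHP'
<?php
// Line 1 of every Joomla component file: refuse to run unless the framework loaded us.
defined('_JEXEC') or die('Restricted access');

// Only a definition follows; nothing is executed just by including this file.
function demo_helper($value) {
    return 'helper saw: ' . $value;
}
PHP;
file_put_contents("$dir/func.php", $helperSource);

// 1) Direct invocation in a fresh process: _JEXEC is undefined, so die() fires
//    on the first line and demo_helper() is never even defined.
$direct = shell_exec(PHP_BINARY . ' ' . escapeshellarg("$dir/func.php") . ' 2>&1');
echo "direct call output : ", trim((string) $direct), PHP_EOL;   // Restricted access

// 2) Framework path: the entry point defines _JEXEC before including any component file,
//    so the guard passes and the function becomes available to the component.
define('_JEXEC', 1);
require "$dir/func.php";
echo "via entry point    : ", demo_helper('request handled by the component'), PHP_EOL;

// Clean up the constructed file.
unlink("$dir/func.php");
rmdir($dir);
```

The same check can be made against a live site by requesting the helper file's URL directly: a guarded file answers with the text 'Restricted access' and nothing else, whereas a file missing the guard would be parsed and, if it contained top-level code, executed.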
We always do our best to protect JoomSport users from attackers!
JoomSport.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters. The Joomla! name and logo are used under a limited license granted by Open Source Matters, the trademark holder in the United States and other countries.
Copyright © 2009-2013 BearDev < Web Solutions /> JoomSport site Disclaimer