facebook twitter
Powered By Saaraan

Your Cart is currently empty.

joomla custom development

Professional Edition

Standard Edition

Choose a shape for your team

AtlasSport template
25
 -
30
 DEMO BUY
KodiakSport template
25
 -
30
 DEMO BUY
KeelaunawSport template
15
 -
30
 DEMO BUY
YonvaSport template
15
 -
30
 DEMO BUY
more...
AN OFFICIAL CONTRADICTION OF JOOMSPORT VULNERABILITY!
Friday, 29 June 2012 18:07

Dear JoomSport fans,

The article about JoomSport vulnerability has been spread over the Internet few weeks ago.
BearDev development team instantly began to analyze the problem, the analysis showed that announced vulnerabilities had not been detected.
Farther the analysis results have been adduced:

 

1. The first announced vulnerability is Shell upload
(described http://packetstormsecurity.org/files/113494/Joomla-Joomsport-SQL-Injection-Shell-Upload.html )

The User expectations: Ability to upload the file to the disc using the script imgres.php for generating thumbnails

Why it doesn’t work: it's impossible, as there is no invocation of PHP functions that can read and save the file transferred by violators. This script works only with already uploaded files and if the file that has not been saved on disc is transferred - error occurs.

Also it has been alleged that uploaded shell will be in the folder: /components/com_joomsport/images/ but there is no such folder in JoomSport component and it is not created during it's activity

 

2. The second announced vulnerability is Blind SQL Injection
(described http://osvdb.org/show/osvdb/82912 )

The User expectations: the direct call to the file func.php using the special request leads to executing any SQL statement.

Why it doesn’t work: it's impossible, as direct call to the file func.php is not allowed, there will be error 'Restricted access' - There is a line "defined( '_JEXEC' ) or die( 'Restricted access' );" at the very beginning.

Also there are no calls to the functions, there are only function definitions so even if there is ability for direct call - nothing will execute.

As well there are no functions that will allow to execute the SQL request during direct call to the file as it doesn't initialize Database connection, Joomla initializes Database connection, that calls the component and the component uses this file with functions.


We always do our best to protect JoomSport users from any violators!
Thank you for using JoomSport software!

Kind Reagrds,
The BearDev Team!
 
top

JoomSport.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters. The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries

Copyright © 2009-2013 BearDev < Web Solutions /> JoomSport site Disclimer