Joomsport is a vulnerable extension?

http://forum.joomla.org/viewtopic.php?f … p;t=814122

Hello,

Is this right? Does my site have problems because of the Joomsport extension? How do I solve this problem?

Edited by: Sven Van den Bruel - Aug-21-13 00:41:29

Re: Joomsport is a vulnerable extension?

Still have this problem. When will Joomsport bring a solution for the vulnerability?

Re: Joomsport is a vulnerable extension?

Hi,
The JoomSport component was listed on the vulnerable extensions list for the following reason:

The JoomSport media folder (and all nested folders) had permission 777, which allows anybody to list files, create new files in the directory and delete files in the directory, so an intruder can use this ability to hack the website by putting some scripted file into the media folder, but only if he knows for sure the path to this media folder.

We have now fixed this problem in versions JoomSport 2.9.0 and JoomSport 3.2.0 by changing the folder permission to 755. In this case, only the directory owner has full access. All others may list the directory, but cannot create files or delete them. This setting is common for directories that you wish to share with other users. So currently the media folder is protected from external input.

If you don’t have the ability to update the JoomSport component, you can manually change permissions to 755 for the media/bearleague folder and all nested folders via FTP.

Kind Regards, Irene
   BearDev support team
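
The manual fix described in the reply above, as an added shell example for hosts with SSH access (not BearDev's code). The function names are hypothetical, the path `media/bearleague` is the one named in the post, and the PHP-file listing rests on the assumption that this media folder should not contain scripts.

```shell
#!/bin/sh
# Added example: audit and reset directory permissions under the
# JoomSport media folder. Run from the Joomla root, or pass a path.

# Print every directory under $1 that is world-writable
# (the "other" write bit, which 777 sets and 755 clears).
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Print script files under $1 for manual review. Assumption: the
# media folder holds uploaded images, so PHP files are unexpected.
list_script_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) -print
}

# Set $1 and all nested directories to 755 (files are left alone).
# Returns non-zero if $1 is not a directory or if a world-writable
# directory is still present afterwards.
fix_media_perms() {
    dir=${1:-media/bearleague}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    echo "World-writable directories before the change:"
    list_world_writable_dirs "$dir"

    find "$dir" -type d -exec chmod 755 {} +

    echo "Script files to review by hand:"
    list_script_files "$dir"

    # Verify the result instead of trusting chmod's exit status.
    [ -z "$(list_world_writable_dirs "$dir")" ]
}

# Only act when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    fix_media_perms "$1"
fi
```

Changing the mode to 755 does not remove anything that was written while the folder was 777, which is why the script lists script files for review instead of stopping at `chmod`.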
