= 1.0.1 Blind SQL Injection + fix

14 years 5 months ago #61743 by nrma
= 1.0.1 Blind SQL Injection + fix was created by nrma
My site was exploited by [EDIT: a CB 1.0.1 only (> 1 year old) vulnerability from 24.04.08}

a quick fix is :
[code:1]
if( isset($_REQUEST) && !ctype_digit($_REQUEST) )
{
die( 'Your IP is logged!' );
}
[/code:1]

just after first line in comprofiler.php file


EDIT: removed link to exploit. Do not make publicity to exploits, and keep your installations up to date. Joomla 1.0.12+ would have avoided that exploit too...

Post edited by: beat, at: 2008/05/05 07:54

Please Log in to join the conversation.

14 years 5 months ago #61749 by nant
Replied by nant on topic Re:= 1.0.1 Blind SQL Injection + fix
Thats why CB 1.0.2 and CB 1.1 were released.

You should upgrade asap.

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.157 seconds

Facebook Twitter LinkedIn