com_banner vulnerability - Joomla! Forum - community, help and support

-

problem description :: forum post assistant (v1.2.3) : 16th november 2012 wrote:com_banner vulnerability
log/error message :: forum post assistant (v1.2.3) : 16th november 2012 wrote:info -> corecomponent: com_banners blind sql injection vulnerability
versions effected: n/a
check: /components/com_banners/
vulnerable? yes

i'm wanting secure site better , have found above vulnerability com_banner. how fix this?
forum post assistant (v1.2.3) : 16th november 2012 wrote:
basic environment :: wrote:joomla! instance :: joomla! 1.5.26-stable (senu takaa ama busani) 27-march-2012
joomla! configured :: yes | read-only (444) | owner: 48 (uid: /gid: ) | group: 48 (gid: ) | valid for: 1.5
configuration options :: offline: 0 | sef: 1 | sef suffix: 0 | sef rewrite: 0 | .htaccess/web.config: no | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: -1 | site debug: 0 | language debug: 0 | database credentials present: yes

php configuration :: version: 5.3.3 | php api: apache2handler | session path writable: unknown | display errors: 1 | error reporting: 22527 | log errors to: | last known error: | register globals: | magic quotes: | safe mode: | open base: | uploads: 1 | max. upload size: 2m | max. post size: 8m | max. input time: 60 | max. execution time: 30 | memory limit: 128m

mysql configuration :: version: 5.1.66 (client:5.1.66) | host: --protected-- (--protected--) | collation: latin1_swedish_ci (character set: latin1) | database size: 8.67 mib | #of tables:  63
detailed environment :: wrote:php extensions :: core (5.3.3) | date (5.3.3) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | session () | iconv () | reflection ($revision: 300393 $) | standard (5.3.3) | shmop () | spl (0.2) | simplexml (0.1) | sockets () | exif (1.4 $id: exif.c 293036 2010-01-03 09:23:27z sebastian $) | tokenizer (0.1) | xml () | apache2handler () | curl () | dom (20031129) | fileinfo (1.0.5-dev) | gd () | json (1.2.1) | ldap () | mysql (1.0) | mysqli (0.1) | pdo (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | phar (2.0.1) | soap () | sqlite3 (0.7-dev) | wddx () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | zend engine (2.3.0) |
potential missing extensions :: mbstring | mcrypt | suhosin |

switch user environment (experimental) :: php cgi: no | server su: no | php su: no | custom su (litespeed/cloud/grid): no
potential ownership issues: maybe

apache modules :: core | prefork | http_core | mod_so | mod_auth_basic | mod_auth_digest | mod_authn_file | mod_authn_alias | mod_authn_anon | mod_authn_dbm | mod_authn_default | mod_authz_host | mod_authz_user | mod_authz_owner | mod_authz_groupfile | mod_authz_dbm | mod_authz_default | util_ldap | mod_authnz_ldap | mod_include | mod_log_config | mod_logio | mod_env | mod_ext_filter | mod_mime_magic | mod_expires | mod_deflate | mod_headers | mod_usertrack | mod_setenvif | mod_mime | mod_status | mod_autoindex | mod_info | mod_vhost_alias | mod_negotiation | mod_dir | mod_actions | mod_speling | mod_userdir | mod_alias | mod_substitute | mod_rewrite | mod_proxy | mod_proxy_balancer | mod_proxy_ftp | mod_proxy_http | mod_proxy_ajp | mod_proxy_connect | mod_cache | mod_suexec | mod_disk_cache | mod_cgi | mod_version | mod_php5 | apache/2.2.15 (red hat) |
potential missing modules :: mod_security | mod_evasive | mod_dosevasive | mod_ssl | mod_qos | mod_userdir |
folder permissions :: wrote:core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

elevated permissions (first 10) :: cache/mod_stats/ (777) | components/com_rsform/uploads/ (777) | media/ctr/base/ (777) | media/ctr/content_cache/ (777) |
extensions discovered :: wrote:components :: site :: wf_media_title (2.2.9.1) | wf_anchor_title (2.2.9.1) | wf_layer_title (2.2.9.1) | wf_cleanup_title (2.2.9.1) | wf_fullscreen_title (2.2.9.1) | wf_searchreplace_title (2.2.9.1) | wf_contextmenu_title (2.2.9.1) | wf_spellchecker_title (2.2.9.1) | wf_lists_title (2.2.9.1) | wf_autosave_title (2.2.9.1) | wf_style_title (2.2.9.1) | wf_directionality_title (2.2.9.1) | wf_inlinepopups_title (2.2.9.1) | wf_clipboard_title (2.2.9.1) | wf_link_title (2.2.9.1) | wf_visualblocks_title (2.2.9.1) | wf_visualchars_title (2.2.9.1) | wf_textcase_title (2.2.9.1) | wf_preview_title (2.2.9.1) | [do not buy our kitchens!] (2.2.9.1) | wf_source_title (2.2.9.1) | wf_table_title (2.2.9.1) | wf_xhtmlxtras_title (2.2.9.1) | wf_nonbreaking_title (2.2.9.1) | wf_print_title (2.2.9.1) | wf_browser_title (2.2.9.1) | wf_article_title (2.2.9.1) | wf_imgmanager_title (2.2.9.1) | wf_filesystem_joomla_title (2.2.9.1) | wf_popups_window_title (2.2.9.1) | wf_popups_jcemediabox_title (2.2.9.1) | wf_mediaplayer_jceplayer_title (2.2.9.1) | wf_link_search_title (2.2.9.1) | wf_aggregator_vimeo_title (2.2.9.1) | [youtube] (2.2.9.1) | wf_links_joomlalinks_title (2.2.9.1) | user (1.5.0) | wrapper (1.5.0) | mailto (1.5.0) |
components :: admin :: xmap (1.2.2) | eventlist plugin (1.0.0) | content plugin (1.0.2) | kunena plugin (1.0.0) | gallery2 bridge plugin (1.0.2) | jdownloads plugin (1.0.0) | jevents plugin (1.0.3) | myblog plugin (1.0.0) | agora plugin (1.0.0) | rsgallery2 extension (1.0.0) | rokdownloads plugin (1.0.1) | sectionex plugin (1.0.2) | hot property plugin (1.0.0) | jomres plugin (1.0) | remository plugin (1.0.3) | virtuemart plugin (1.1.1) | jcalpro plugin (1.0.0) | sobi2 plugin (1.1.0) | glossary plugin (1.0.0) | joomsuite resources plugin (1.0.0) | mosets tree plugin (1.0.1) | knowledgebase plugin (1.0.0) | jce (2.2.9.1) | jce (2.2.9.1) | editor - jce (2.2.9.1) | editor - jce (2.2.9.1) | jce file browser (2.0.0) | plg_quickicon_jcefilebrowser (2.5.0) | unknown (-) | plugin manager (1.5.0) | trash (1.0.0) | joomla_flash_uploader (2.10.4) | banners (1.5.0) | ns mailer (1.0) | installation manager (1.5.0) | menus manager (1.5.0) | tag meta (1.3 community) | mass mail (1.5.0) | user manager (1.5.0) | rsform (1.2.0) | newsfeeds (1.5.0) | configuration manager (1.5.0) | content page (1.5.0) | messaging (1.5.0) | language manager (1.5.0) | weblinks (1.5.0) | module manager (1.5.0) | ldswards (1.1.0) | frontpage (1.5.0) | search (1.5.0) | media manager (1.5.0) | template manager (1.5.0) | control panel (1.5.0) | cache manager (1.5.0) | contentsubmit (1.5.1) | contact items (1.0.0) | polls (1.5.0) |

modules :: site :: latest news (1.5.0) | feed display (1.5.0) | banner (1.5.0) | poll (1.5.0) | related items (1.0.0) | yoocarousel (1.5.17) | breadcrumbs (1.5.0) | search (1.0.0) | simple file upload (0.9.3) | menu (1.5.0) | newsflash (1.5.0) | footer (1.5.0) | yoogallery (1.5.4) | wrapper (1.0.0) | archived content (1.5.0) | random image (1.5.0) | login (1.5.0) | syndicate (1.5.0) | sections (1.5.0) | statistics (1.5.0) | custom html (1.5.0) | who\'s online (1.0.0) | newsletter subscriber (1.1.0) | read content (1.5.0) |
modules :: admin :: toolbar (1.0.0) | feed display (1.5.0) | admin submenu (1.0.0) | title (1.0.0) | latest news (1.0.0) | popular items (1.0.0) | footer (1.0.0) | admin menu (1.0.0) | jce file browser (2.0.0) | unread items (1.0.0) | online users (1.0.0) | login form (1.0.0) | quick icons (1.0.0) | items stats (1.0.0) | user status (1.5.0) | custom html (1.5.0) | logged in users (1.0.0) |

plugins :: site :: content - page navigation (1.5) | content-coolimg (1.0.1) | content-allowedit (1.0.0) | content - code highlighter (ge (1.5) | content - email cloaking (1.5) | content - newsletter subscribe (1.0.6) | content - example (1.0) | content - pagebreak (1.5) | content - vote (1.5) | yoogallery (1.5.4) | easyimagecaption (0.49beta3) | content - load modules (1.5) | editor - xstandard lite jo (1.0) | editor - tinymce 3 (3.2.6) | editor - jce (2.2.9.1) | xml-rpc - blogger api (1.0) | xml-rpc - joomla api (1.0) | authentication - example (1.5) | authentication - ldap (1.5) | authentication - openid (1.5) | authentication - joomla (1.5) | authentication - gmail (1.5) | user - example (1.0) | user - joomla! (1.5) | search - weblinks (1.5) | search - categories (1.5) | search - contacts (1.5) | search - sections (1.5) | search - newsfeeds (1.5) | search - content (1.5) | system - cache (1.5) | yooeffects (1.5.1) | system - nonumber! elements (1.2.1) | system - log (1.5) | system - remember me (1.5) | system - debug (1.5) | system - backlinks (1.5) | system - sourcerer (2.4.0) | system - legacy (1.5) | system - tag meta (1.3 community) | system - sef (1.5) | system - mootools upgrade (1.5) | button - image (1.0.0) | button - pagebreak (1.5) | button - readmore (1.5) | editor button - sourcerer (2.4.0) |

several points.
1. how know com_banner vulnerability
2. have open 777 fodlers?
3. using out of date extensions?
jevents
gallery2
etc





Comments

Post a Comment

Popular posts from this blog

How to change text Component easybook reloaded *newbee* - Joomla! Forum - community, help and support

-
Image
hi all, i started building websites joomla not long ago, can use help.. for got problem guestbook. i have installed easybook. , running on following website http://odoorn321.nl/ (under gastenboek) i want change text: waardering website (is dutch valuate website) waardering. idea rid of word website, because have valuate vacation home, not website. i have made screenshot of text want change. where , how going find css file change text? your appreciated! thanks no one? Board index Joomla! Older Version Support Joomla! 2.5 General Questions/New to Joomla! 2.5
Read more

PProHeadless.exe has stopped working error when opening projects in Adobe Media Encoder CS6

-
hi, upgraded adobe cloud cs6 , having problems adobe media encoder cs 6 (version 6.0.1.31 64-bit).   when try add adobe premiere projects in ame, gives me following error:   pproheadless.exe has stopped working   i tried rebooting, , still gives me same error.  project load, won't.   the premiere projects contain h.264 .mov file coming canon t2i.  added overlay logo bottom right of video created in adobe after effects, contains text, no effects, no motion, etc.  have .wav file recorded zoom h4n, not always.  edit in adobe audition remove noise feature.   i running on windows 7 ultimate 64-bit.  i'm using i7 16gb ram , ati 6870 video card.   i have lut buddy plugin installed.   it give me error first time try load project, , connection dynamic link server fail.  afterwards, if try load project again, if restart ame, stays stuck in connecting dynamic link server...   any provide appreciated. what happens when drag , a...
Read more

Preconditions Failed. - Joomla! Forum - community, help and support

-
hello! i'm having problem; every time click save&close button, or save button, or close button module; following message appears: "precondition failed the precondition on request url /administrator/index.php evaluated false. additionally, 404 not found error encountered while trying use errordocument handle request." it happens modules. thanks in advance. problem description :: forum post assistant (v1.2.3) : 13th november 2012 wrote: can\'t save changes or close module. log/error message :: forum post assistant (v1.2.3) : 13th november 2012 wrote: precondition failed precondition on request url /administrator/index.php evaluated false. additionally, 404 not found error encountered while trying use errordocument handle request. last php error(s) reported :: forum post assistant (v1.2.3) : 13th november 2012 wrote: [04-mar-2012 01:25:56] php fatal error: call member function get() on non-object in /home/joommmy1/addon/youngstaer/sub/teenace/public_html/templates/...
Read more