Popular Joomla Listing
Free Joomla Templates
joomlaos free templates
exskin Joomla Templates
JoomlaClub Forum!
JoomlaHut Free Joomla...
Joomla CMS
joomla templates by...
Bookmarks
Joomladesigns Free...
myJoomla speaks Greek
Search Directory
Directory Stats
There are 367 listing and 47 categories in our website
Download Joomla

Joomla Download

Joomla Open Source Web Site Directory

Preventing SQL Injection Attacks on your Joomla! Websites

Telephone
+44 121 683 1170
Fax
+44 121 535 7039
E-mail
Website
www.packtpub.com
Votes
1
Featured
No
Visited
288
Rate this listing
1 vote
Joomla!, a very popular content management system (CMS) is as you may know an easy-to-deploy-and-use content management system. This ease of use has lent itself to rapid growth of both the CMS and extensions for it. You can install it on almost any host, running Linux or Windows. This highly versatile software has found itself in such lofty places as large corporate web portals, and humble places such as the simple blog. Joomla! itself is inherently safe, but misconfigurations of the CMS, vulnerable components, hosts that are poorly configured, and weak passwords can all contribute to the downfall of your site. Hence, it's always better to ensure the security of your site. In this article by Tom Canavan, we will take a look at how SQL injection attacks can occur to your Joomla website, how we can test for SQL injection attacks, and how to stop SQL injection. Introduction Mark Twain once said, "There are only two certainties in life-death and taxes." Even in web security there are two certainties: It's not "if you are attacked", but "when and how" your site will be taken advantage of. There are several types of attacks that your Joomla! site may be vulnerable to such as CSRF, Buffer Overflows, Blind SQL Injection, Denial of Service, and others that are yet to be found. The top issues in PHP-based websites are: • Incorrect or invalid (intentional or unintentional) input • Access control vulnerabilities • Session hijacks and attempts on session IDs • SQL Injection and Blind SQL Injection • Incorrect or ignored PHP configuration settings • Divulging too much in error messages and poor error handling • Cross Site Scripting (XSS) • Cross Site Request Forgery, that is CSRF (one-click attack) SQL Injections SQL databases are the heart of Joomla! CMS. The database holds the content, the users' IDs, the settings, and more. To gain access to this valuable resource is the ultimate prize of the hacker. Accessing this can gain him/her an administrative access that can gather private information such as usernames and passwords, and can allow any number of bad things to happen. When you make a request of a page on Joomla!, it forms a "query" or a question for the database. The database is unsuspecting that you may be asking a malformed question and will attempt to process whatever the query is. Often, the developers do not construct their code to watch for this type of an attack. In fact, in the month of February 2008, twenty-one new SQL Injection vulnerabilities were discovered in the Joomla! land. The following are some examples presented for your edification. Using any of these for any purpose is solely your responsibility and not mine: Example 1 index.php?option=com_****&Itemid=name&cmd=section§ion=- 000/**/union+select/**/000,111,222, concat(username,0x3a,password),0, concat(username,0x3a,password)/**/from/**/jos_users/* Example 2 index.php?option=com_****&task=****&Itemid=name&catid=97&aid=- 9988/**/union/**/select/**/ concat(username,0x3a,password),0x3a,password, 0x3a,username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/ from/**/jos_users/* Both of these will reveal, under the right set of circumstances, the usernames and passwords in your system. There is a measure of protection in Joomla! 1.0.13, with an encryption scheme that will render the passwords useless. However, it does not make sense to allow extensions that are vulnerable to remain. Yielding ANY kind of information like this is unacceptable. The following screenshot displays the results of the second example running on a test system with the vulnerable extension. The two pieces of information are the username that is listed as Author, and the Hex string (partially blurred) that is the hashed password: For more information, please visit: http://www.packtpub.com/article/preventing-sql-injection-attacks-on-joomla-websites