WEB TOOLS
Tools for Web Master, Web Design, Web Developer and Web Admin
Saturday, November 6, 2010
Joomla! Security News
SubProject: All
Severity: Low
Versions: 1.5.21 and all previous 1.5 releases
Exploit type: SQL Injection - Information Disclosure
Reported Date: 2010-October-05
Fixed Date: 2010-November-04
Description
Inadequate filtering of request variables causes database errors.
Affected Installs
All 1.5.x installs prior to and including 1.5.21 are affected.
Solution
Upgrade to the latest Joomla! version (1.5.22 or later)
English (UK) 1.5.22 Full Package http://joomlacode.org/gf/download/frsrelease/13105/57240/Joomla_1.5.22-Stable-Full_Package.zip
English (UK) 1.5.21 to 1.5.22 Upgrade Package http://joomlacode.org/gf/download/frsrelease/13106/57213/Joomla_1.5.21_to_1.5.22-Stable-Patch_Package.zip
Reported by YGN Ethical Hacker Group
Contact
The JSST at the Joomla! Security Center.
Tuesday, November 4, 2008
Content Management System CMS Using PHP And MySQL
A CMS is meant to ease the process of adding and modifying content on a web page. The page content is stored in a database, not on the file server.
This tutorial presents an example of a simple content management system. You will be able to add, edit and delete articles using HTML forms.
The database table will be called news. It consists of three columns :
* id : The article's id
* title : The title of an article
* content : The article itself
First we need to create a script to add an article. It is just a form where a user can enter the article's title and content.
Example : cms-add.php
Source code : cms-add.phps , cms.txt
When an article is added the script just inserts the article into the database. The article id is generated automatically by MySQL because the id column was created with the AUTO_INCREMENT parameter.
<?php
if(isset($_POST['save']))
{
   include 'library/config.php';
   include 'library/opendb.php';

   $title   = $_POST['title'];
   $content = $_POST['content'];

   // undo magic quotes (if enabled) so the values are escaped exactly once below
   if(get_magic_quotes_gpc())
   {
      $title   = stripslashes($title);
      $content = stripslashes($content);
   }

   // escape using the open connection's character set instead of addslashes()
   $title   = mysql_real_escape_string($title);
   $content = mysql_real_escape_string($content);

   $query = "INSERT INTO news (title, content) " .
            "VALUES ('$title', '$content')";
   mysql_query($query) or die('Error, query failed');

   include 'library/closedb.php';

   // escape for HTML when echoing user-supplied text back to the browser
   echo "Article '" . htmlspecialchars($_POST['title']) . "' added";
}
?>
Now that we have the script to add articles, let's create another script to view them. The script lists the titles of the articles available in the database as clickable links, with the article id appended to each link like this :
http://www.php-mysql-tutorial.com/examples/cms/article1.php?id=3
One possible implementation of article1.php is presented below :
Example : article1.php
Source code : article1.phps
<?php
include 'library/config.php';
include 'library/opendb.php';

// if no id is specified, list the available articles
if(!isset($_GET['id']))
{
   // PHP_SELF echoes part of the request URL, so escape it before using it in HTML
   $self   = htmlspecialchars($_SERVER['PHP_SELF']);
   $query  = "SELECT id, title FROM news ORDER BY id";
   $result = mysql_query($query) or die('Error : ' . mysql_error());

   // create the article list as an ordered list of links back to this script
   $content = '<ol>';
   while($row = mysql_fetch_array($result, MYSQL_NUM))
   {
      list($id, $title) = $row;
      $content .= "<li><a href=\"$self?id=$id\">" . htmlspecialchars($title) . "</a></li>\r\n";
   }
   $content .= '</ol>';

   $title = 'Available Articles';
} else {
   // get the article info from database; cast the id to an integer so only
   // a number ever reaches the query, never the raw request string
   $id     = (int)$_GET['id'];
   $query  = "SELECT title, content FROM news WHERE id=$id";
   $result = mysql_query($query) or die('Error : ' . mysql_error());
   $row    = mysql_fetch_array($result, MYSQL_ASSOC) or die('Article not found');

   $title   = $row['title'];
   $content = $row['content'];
}

include 'library/closedb.php';
?>
<!-- ... more code here -->
When article1.php is first called, $_GET['id'] is not set, so the script queries the database for the article list and saves it in the $content variable as an ordered list. The variables $title and $content are used later when we print the result page. Take a look at the code below :
Example : article1.php
Source code : article2.phps
<?php
// ... previous code
?>
<html>
<head>
<title><?php echo htmlspecialchars($title); ?></title>
<style type="text/css">
/* ... some css here to make the page look nicer */
</style>
</head>
<body>
<?php
echo $content;

// when displaying an article show a link
// to see the article list
if(isset($_GET['id']))
{
?>
<p><a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">Article List</a></p>
<?php
}
?>
</body>
</html>
If you click on an article link, the script fetches the article's title and content from the database, saves them in the $title and $content variables and prints the HTML page. At the bottom of the page we place code to show a link back to the article list, which is the script itself without any query string ( $_SERVER['PHP_SELF'] ).
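As an added example (not code from the tutorial), the same add and fetch operations as cms-add.php and article1.php written with PDO prepared statements; it assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the tutorial's MySQL connection so it runs stand-alone.

```php
<?php
// Added example, not the tutorial's code: the add and fetch operations of
// cms-add.php and article1.php with PDO prepared statements, so the article
// text and the id are bound parameters and never spliced into the SQL string.
// An in-memory SQLite database (assumes pdo_sqlite) stands in for the MySQL
// connection the tutorial opens in library/opendb.php.

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY AUTOINCREMENT,
                title TEXT NOT NULL, content TEXT NOT NULL)');
    return $pdo;
}

// Insert an article. With bound parameters the addslashes()/magic quotes
// handling of cms-add.php is unnecessary: quotes are stored literally.
function addArticle(PDO $pdo, string $title, string $content): int
{
    $stmt = $pdo->prepare('INSERT INTO news (title, content) VALUES (:title, :content)');
    $stmt->execute([':title' => $title, ':content' => $content]);
    return (int) $pdo->lastInsertId();
}

// Fetch one article. The raw ?id= value must be a positive integer;
// anything else is rejected before a query is prepared at all.
function getArticle(PDO $pdo, string $rawId): ?array
{
    if (!preg_match('/^[1-9][0-9]*$/', $rawId)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT title, content FROM news WHERE id = :id');
    $stmt->execute([':id' => (int) $rawId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = openDb();
addArticle($pdo, "O'Reilly's \"quoted\" title", 'First article body');
addArticle($pdo, 'Second', 'Second article body');

// Escape with htmlspecialchars() when echoing a title or body into the page.
var_dump(getArticle($pdo, '1'));     // first article, quotes stored intact
var_dump(getArticle($pdo, '1abc'));  // rejected by the id validation
var_dump(getArticle($pdo, '99'));    // no such article
```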
One feasible solution is to implement caching, which loads an article from the database only once, when the article is first requested. The article is then saved to a cache directory as a regular HTML file. Subsequent requests for the article no longer involve any database query; the script just needs to read the requested article from the cache directory.
Example : article2.php
Source code : article2.phps
<?php
include 'library/config.php';
include 'library/opendb.php';

$cacheDir = dirname(__FILE__) . '/cache/';

// build the cache file name from the id; cast it to an integer so the
// request value can never add path characters to the file name
if (isset($_GET['id'])) {
   $cacheFile = $cacheDir . '_' . (int)$_GET['id'] . '.html';
} else {
   $cacheFile = $cacheDir . 'index.html';
}

// serve the cached copy if one exists and stop here
if (file_exists($cacheFile))
{
   header("Content-Type: text/html");
   readfile($cacheFile);
   exit;
}
// ... more code coming
?>
First we need to specify the cache directory where all cache files are located. For this example the cache directory is located in the same place as the article2.php script. That is, if article2.php is stored in C:/webroot then the cache dir is C:/webroot/cache/
The script then checks whether the article is already in the cache. An article is saved into the cache directory using a filename generated from its id. For example, if you request the article using a link like this :
http://www.php-mysql-tutorial.com/examples/cms/article2.php?id=3
Then the cache file for the article is
_3.html
This filename is just an underscore ( _ ) followed by the article id. In case article2.php is called like this :
http://www.php-mysql-tutorial.com/examples/cms/article2.php
no id is defined, so we use index.html as the cache file name.
If the cache file is found, its content is read and printed using readfile() and the script terminates. When the article is not found in the cache, we need to look in the database and get the page content from there.
Example : article2.php
Source code : article2.phps
<?php
// ... previous code

// if no id is specified, list the available articles
if(!isset($_GET['id']))
{
   $self   = htmlspecialchars($_SERVER['PHP_SELF']);
   $query  = "SELECT id, title FROM news ORDER BY id";
   $result = mysql_query($query) or die('Error : ' . mysql_error());

   $content = '<ol>';
   while($row = mysql_fetch_array($result, MYSQL_NUM))
   {
      list($id, $title) = $row;
      $content .= "<li><a href=\"$self?id=$id\">" . htmlspecialchars($title) . "</a></li>\r\n";
   }
   $content .= '</ol>';

   $title = 'Available Articles';
} else {
   // get the article info from database (integer id only, as in article1.php)
   $id     = (int)$_GET['id'];
   $query  = "SELECT title, content FROM news WHERE id=$id";
   $result = mysql_query($query) or die('Error : ' . mysql_error());
   $row    = mysql_fetch_array($result, MYSQL_ASSOC) or die('Article not found');

   $title   = $row['title'];
   $content = $row['content'];
}

include 'library/closedb.php';
// ... still more code coming
?>
As you can see above, the process of fetching the article list and content is the same as in article1.php. But before showing the page we have to start output buffering so we can save the content of the generated HTML file.
See the code below. Just before printing the HTML we call ob_start() to activate output buffering. From this point on no output is sent from the script to the browser. So in the code example below anything between the opening <html> and closing </html> tags is not sent to the browser but stored in an internal buffer first.
After the closing html tag we use ob_get_contents() to get the buffer content and store it in a temporary variable, $buffer. We then call ob_end_flush(), which stops the output buffering ( so the page is now sent to the browser ).
Example : article2.php
Source code : article2.phps
<?php
// ... previous code

// from here on, output goes to an internal buffer instead of the browser
ob_start();
?>
<!-- ... same html code as article1.php -->
<?php
// get the buffer
$buffer = ob_get_contents();

// end output buffering, the buffer content
// is sent to the client
ob_end_flush();

// now we create the cache file; skip silently if the directory is not writable
$fp = fopen($cacheFile, "w");
if($fp)
{
   fwrite($fp, $buffer);
   fclose($fp);
}
?>
Now that we have the file content we can write the cache file using the filename generated earlier ( an underscore plus the article id ). From now on any request for the article no longer involves a database query, at least until the article is updated.
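As an added example (not the tutorial's code), the cache handling of article2.php with the id validated before it becomes part of a file name, an atomic write, and the invalidation step the text alludes to when it says the cache holds "until the article is updated"; the cache directory under the system temp dir and the function names are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not the tutorial's code: article2.php's cache handling with
// the id validated before it becomes part of a file name, an atomic write, and
// the invalidation implied by "until the article is updated". The cache lives
// under the system temp dir here so the script runs stand-alone.

$cacheDir = sys_get_temp_dir() . '/cms-cache-example';
if (!is_dir($cacheDir) && !mkdir($cacheDir, 0700, true)) {
    die("cannot create $cacheDir");
}

// Map the raw ?id= value to a cache path, or null when it is not a positive
// integer: only digits reach the file name, so "../other.html" cannot escape.
function cacheFileFor(string $cacheDir, ?string $rawId): ?string
{
    if ($rawId === null) {
        return $cacheDir . '/index.html';
    }
    return preg_match('/^[1-9][0-9]*$/', $rawId) ? $cacheDir . "/_$rawId.html" : null;
}

// Write to a temp file in the same directory, then rename it into place, so a
// concurrent reader never serves a half-written page.
function writeCache(string $cacheFile, string $html): bool
{
    $tmp = tempnam(dirname($cacheFile), 'cms');
    if ($tmp === false || file_put_contents($tmp, $html) === false) {
        return false;
    }
    return rename($tmp, $cacheFile);
}

// After an edit or delete, remove the article's page and the list page (the
// list shows titles, so it is stale as well).
function invalidateArticle(string $cacheDir, int $id): void
{
    foreach ([$cacheDir . "/_$id.html", $cacheDir . '/index.html'] as $f) {
        if (is_file($f)) {
            unlink($f);
        }
    }
}

$file = cacheFileFor($cacheDir, '3');
writeCache($file, '<html><body>Article 3</body></html>');
var_dump(is_file($file));                            // cached copy exists
var_dump(cacheFileFor($cacheDir, '../other.html'));  // rejected, null
invalidateArticle($cacheDir, 3);
var_dump(is_file($file));                            // cache entry removed
```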
Next we will need an admin page for our content management system. It is where we can edit and delete the articles.
This tutorial is far from perfect, so if you have any critiques, questions, comments or problems about this tutorial please tell me. And if you like this tutorial please link to this site.
Wednesday, October 29, 2008
About Joomla
Joomla is an award-winning content management system (CMS), which enables you to build Web sites and powerful online applications. Many aspects, including its ease-of-use and extensibility, have made Joomla the most popular Web site software available. Best of all, Joomla is an open source solution that is freely available to everyone.
What's a content management system (CMS)?
A content management system is software that keeps track of every piece of content on your Web site, much like your local public library keeps track of books and stores them. Content can be simple text, photos, music, video, documents, or just about anything you can think of. A major advantage of using a CMS is that it requires almost no technical skill or knowledge to manage. Since the CMS manages all your content, you don't have to.
What are some real world examples of what Joomla! can do?
Joomla is used all over the world to power Web sites of all shapes and sizes. For example:
* Corporate Web sites or portals
* Corporate intranets and extranets
* Online magazines, newspapers, and publications
* E-commerce and online reservations
* Government applications
* Small business Web sites
* Non-profit and organizational Web sites
* Community-based portals
* School and church Web sites
* Personal or family homepages
Who uses Joomla?
Here are just a few examples of Web sites that use Joomla:
* United Nations (Governmental organization) - http://www.unric.org
* MTV Networks Quizilla (Social networking) - http://www.quizilla.com
* L.A. Weekly (Online publication) - http://www.laweekly.com
* IHOP (Restaurant chain) - http://www.ihop.com
* Harvard University (Educational) - http://gsas.harvard.edu
* Citibank (Financial institution intranet) - Not publicly accessible
* The Green Maven (Eco-resources) - http://www.greenmaven.com
* Outdoor Photographer (Magazine) - http://www.outdoorphotographer.com
* PlayShakespeare.com (Cultural) - http://www.playshakespeare.com
* Senso Interiors (Furniture design) - http://www.sensointeriors.co.za
More examples of companies using Joomla can be found in the Joomla Site Showcase Forum.
I need to build a site for a client. How will Joomla! help me?
Joomla is designed to be easy to install and set up even if you're not an advanced user. Many Web hosting services offer a single-click install, getting your new site up and running in just a few minutes.
Since Joomla is so easy to use, as a Web designer or developer, you can quickly build sites for your clients. Then, with a minimal amount of instruction, you can empower your clients to easily manage their own sites themselves.
If your clients need specialized functionality, Joomla is highly extensible and thousands of extensions (most for free under the GPL license) are available in the Joomla Extensions Directory.
How can I be sure there will be Joomla! support in the future?
Joomla is the most popular open source CMS currently available as evidenced by a vibrant and growing community of friendly users and talented developers. Joomla's roots go back to 2000 and, with over 200,000 community users and contributors, the future looks bright for the award-winning Joomla Project.
I'm a developer. What are some advanced ways I can use Joomla?
Many companies and organizations have requirements that go beyond what is available in the basic Joomla package. In those cases, Joomla's powerful application framework makes it easy for developers to create sophisticated add-ons that extend the power of Joomla into virtually unlimited directions.
The core Joomla framework enables developers to quickly and easily build:
* Inventory control systems
* Data reporting tools
* Application bridges
* Custom product catalogs
* Integrated e-commerce systems
* Complex business directories
* Reservation systems
* Communication tools
Since Joomla is based on PHP and MySQL, you're building powerful applications on an open platform anyone can use, share, and support. To find out more information on leveraging the Joomla framework, visit the Joomla Developer Network.
Joomla Source Download
Joomla 1.0.15 Full Package
and
Joomla 1.5.7 Full Package