Serious vulnerabilities in a Joomla plugin!

Researcher Kasper Bertelsen warns that several vulnerabilities he discovered in his Helpdesk Pro , μπορούν να οδηγήσουν σε απομακρυσμένη εκτέλεση κώδικα στους διακομιστές που φιλοξενούν την Web εφαρμογή.joomla

Helpdesk Pro is an extension of Joomla that allows administrators and users to use support bids.

To name a few websites that use this plugin: eBay, Heathrow Airport, and the Supreme Court of s.

The ανακαλύφθηκα από τους Simon Rawet, Kristian Varnai, και Gregor Mynarsky, και συμπεριλαμβάνουν: direct object references, cross-site scripting, SQL injection, local file injection, path traversal, and arbitrary file .

"[Vulnerabilities] leave systems vulnerable to a wide variety of attack types, resulting in the disclosure of potentially sensitive information, but also to the complete acquisition of the server with arbitrary code execution," they say.

Vulnerabilities work because downloading attachments and upload services do not restrict anyone from downloading files.

So an attacker can download the configuration.php file, for example, which contains sensitive information such as usernames, passwords of data, and the FTP credentials.

More technical details.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).