Privately Public
Monday, 30 April 2012 02:50

This is a message that's privately public. If there's the slightest chance you're offended by profanity, please don't bother clicking "Read More," as what follows may be too vulgar for your senses. That said, bring on the poetry/freeform rant...

Read more... [Privately Public]
Joomla! 1.6/1.7/2.5 Privilege Escalation Vulnerability
Thursday, 15 March 2012 14:47

Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having 'core.admin' privileges.

Last Updated on Thursday, 15 March 2012 15:01
Read more... [Joomla! 1.6/1.7/2.5 Privilege Escalation Vulnerability]
Joomla! Remember Me Cookie Encryption Issues
Wednesday, 28 September 2011 23:11

There is a serious problem with the way Joomla! handles the "remember me" login cookie. It is possible to decrypt the contents of this cookie and alter the serialized data inside, which could possibly lead to exploitation. Versions 1.5 through 1.7.1 are affected.

Last Updated on Monday, 17 October 2011 13:00
Read more... [Joomla! Remember Me Cookie Encryption Issues]
Blowout Backlink Madness
Thursday, 15 September 2011 20:19

Get a Permanent Backlink on This Site!

Details below, but first a little background...

Today my son came home from school bearing the one thing parents loathe - a fund raising campaign. My brain started rehashing all the foul memories of doing the same thing as a child - annoying my relatives, neighbors and, well, anyone willing to bear through my unenthused sales pitch. But after seeing the doe-eyed look that graced my child's face as he recognized the brightly colored envelope and began parroting the sales pitch given to him by the school, I begrudgingly plunged into the package. Lo and behold, this was certainly not the campaigns I remember as a child!

School fund raising campaigns when I was a child were easily avoidable, provided you lived a substantial distance from your child-rearing relatives. However, with the wonderment that is teh Internets, schools can bridge the divide and deliver the child's pleadings to purchase these wares right to your inbox!

Not being one that enjoys receiving unsolicited mails (you hear that spammers? I'M JUST DELETING THIS CRAP, YOU KEYBOARD MONKEYS!), I decided that instead of pestering the people I know and love (and thus avoiding that inevitable "oh-God-not-a-school-fund-raiser" expression of derision), I would post this pleading to the Internet at large.

So here's the deal, folks - in exchange for purchasing ${RANDOM_STUFF} from this campaign, all* verified orders will receive a PERMANENT backlink to this page. Don't want/need a backlink or even know what one is? It doesn't matter!

Click Here to BUY ${RANDOM_STUFF}!!
Great American Online
Click Here to BUY ${RANDOM_STUFF}!!

Offer ends 3rd October 2011!

* NOTE: Some restrictions apply, I have the right to NOT post a link if I don't want to, so NO PORN, LINK FARMS or otherwise illicit/annoying sites.

Last Updated on Friday, 16 September 2011 04:11
Joomla! TinyMCE DOS
Tuesday, 05 April 2011 10:23

Back in February, I reported an issue with TinyMCE to the Joomla! Security Strike Team. Since then, they "fixed" it in 1.6.1, but failed to do so for 1.5.23. Joomla! 1.5.x ships with a script that is supposed to cache gzipped copies of TinyMCE, but not only is this script never used, but it doesn't clean up after itself.

Last Updated on Tuesday, 05 April 2011 11:15
Read more... [Joomla! TinyMCE DOS]
Joomla! 1.6.0 Multiple Minor Vulnerabilities
Tuesday, 08 March 2011 10:47

Now that 1.6.1 is officially released, I figured I'd go ahead and publish a few of the "sensitive" bugs I found in 1.6.0.

Last Updated on Tuesday, 08 March 2011 11:21
Read more... [Joomla! 1.6.0 Multiple Minor Vulnerabilities]
Joomla! JFilterInput XSS Bypass
Tuesday, 01 February 2011 09:21

Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This class attempts to parse any given string for html code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input.

Last Updated on Tuesday, 01 February 2011 19:02
Read more... [Joomla! JFilterInput XSS Bypass]

Page 1 of 5

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.

Joomla Extensions