Since the CompojoomComment Hacking Contest is now over, and I was the only winner, I figured I'd go ahead and share my winning entries. These vulnerabilities are present in CompojoomComment 4.1.5 and are all patched in the latest version (4.1.7 at the time of this writing).
Thursday, 19 August 2010 03:05
I had a request recently from Woman Poker Player to add the video site LinkedTube to the list of available video providers in JomSocial. After a bit of investigation, I ended up developing a solution based on the core YouTube library (as LinkedTube is really just a wrapper for YouTube videos). I've been given permission to post this here for the benefit of the community, and I've sent it to Azrul as well for possible inclusion in the JomSocial core.
Last Updated on Thursday, 19 August 2010 03:17
Wednesday, 04 August 2010 18:55
Compojoom, developers of CompojoomComment, opened up a contest to hack their comment component. After being alerted to the contest by my good friend Lafrance, I took a peek and had a working XSS exploit within 16 minutes, and after a bit of refining I managed to really mess things up. ;)
Last Updated on Friday, 13 August 2010 21:11
Sunday, 01 August 2010 15:10
Today, JNoGuest 1.0.4 was released. This version adds support for JomSocial registration (including JomSocial Profile Types), fixes a couple of bugs, and has some minor changes to JNoGuest's operation.
Tuesday, 15 June 2010 22:40
I've updated JNoGuest to version 1.0.3. No bug fixes, but I've added AlphaRegistration bypass as an option.
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.