Sunday, 29 November 2009 20:05

The Joomla component Lyften Bloggie was recently exposed to suffer from an SQL Injection vulnerability. Since I had a current client that was running this software, with no fix in sight, I decided to take matters into my own hands and patch this. And, in the spirit of open source, I thought I'd share the fix with everyone.

The exploit in question uses the URL parameter "author" to inject SQL commands, and as far as I can tell that parameter is an integer value. To plug this hole, I simply changed line 41 of components/com_lyftenbloggie/models/lyftenbloggie.php to use JRequest's getInt() method instead of the more generic getVar().

Original Code:

$this->_author    = JRequest::getVar( 'author' );

Patched Code:

$this->_author    = JRequest::getInt( 'author' );

UPDATE: It seems the folks over at Lyften have finally published an official fix!

Last Updated on Monday, 28 December 2009 15:45
Comments (10)
1 Wednesday, 02 December 2009 12:41
Many thanks for this! I think one of my sites was victim to this issue... hopefully this stops the little punk in his tracks!
2 Monday, 07 December 2009 13:42
You are AWESOME!! Thank you for taking the time to post this!
3 Tuesday, 08 December 2009 18:43
THANK YOU! I got Nailed with this today and I ended up re-installing Joomla.

Although until the Devs address rest of the issues in Lyften I'm not going to re-install.
4 Wednesday, 09 December 2009 05:56
Yes thanks for that Jeff. I was considering using it but if there are outstanding issues with this, as Wayne has mentioned, I might give this a wide berth till it's been sorted out. Anyone care to elaborate what those other issues are?
5 Wednesday, 16 December 2009 01:40
Seeing that security is always a must, may I suggest adding more to stop this and others.

Having being blasted a number of times from these little bastards, we tried out a firewall system for joomla back at ver j1.0.8 and today we are at j1.5.10 and must say, THANK the lord for this little baby. Need more info, just look up jfirewall and you won't regret it.

We've seen quite a few of these attacks on LB and we are running this even with the few quirks it has where these little muck-a-lucks are blocked out with no damage to our site as of yet, the firewall has done its job and done it well.
6 Thursday, 17 December 2009 15:31
Thanks for this ..
7 Monday, 21 December 2009 16:19
Thanks m8!
8 Saturday, 26 December 2009 11:50
Thank you very much
9 Wednesday, 30 December 2009 19:00
Thanks JeffChannell. I applied your fix some weeks ago, and now it looks like the developer has done the same! Let's hope that is the end of it!
10 Thursday, 10 March 2011 00:34

Add your comment

Your name:
  The word for verification. Lowercase letters only with no spaces.
Word verification:

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.

Joomla Extensions