K2 2.3 Persistent XSS Vulnerability
Saturday, 11 September 2010 12:08

K2 v2.3, the popular Joomla! CCK extension, suffers from persistent XSS vulnerabilities in its comment facility.

Last Updated on Thursday, 30 September 2010 17:34
I Hacked The JED
Friday, 10 September 2010 19:25

Over the Labor Day weekend I managed to upload and execute arbitrary PHP code on the Joomla! Extensions Directory. That site has been patched, but the patch is not yet publicly available. As soon as it is, I'll post the dirty details of the exploit I used to hack extensions.joomla.org!

Also, please note that I was given permission to do so and nothing of any value was harmed!

extensions.joomla.org - Hacked by jdc

UPDATE: THE JED HAS BEEN PATCHED AND IS NO LONGER VULNERABLE! This was confirmed patched BEFORE this was posted, and WAS NOT EXPLOITED PREVIOUSLY! Nothing was harmed and nothing is at risk!

Last Updated on Friday, 10 September 2010 20:47
JComments Persistent XSS
Sunday, 05 September 2010 13:55

JComments suffers from a persistent XSS vulnerability in the way it handles certain BBCodes.

Last Updated on Thursday, 30 September 2010 17:37
CompojoomComment 4.1.5 Multiple Vulnerabilities
Wednesday, 01 September 2010 15:48

Since the CompojoomComment Hacking Contest is now over, and I was the only winner, I figured I'd go ahead and share my winning entries. These vulnerabilities are present in CompojoomComment 4.1.5, and are all patched in the latest (4.1.7 at the time of this writing).

Last Updated on Thursday, 30 September 2010 17:34
Add LinkedTube as a Video Provider in JomSocial
Thursday, 19 August 2010 03:05

I had a request recently from Woman Poker Player to add the video site LinkedTube to the list of available video providers in JomSocial. After a bit of investigation, I ended up developing a solution based on the core YouTube library (as LinkedTube is really merely a wrapper for YouTube videos). I've been given permission to post this here for the benefit of the community, and I've sent it to Azrul as well for possible inclusion in the JomSocial core.

Last Updated on Thursday, 19 August 2010 03:17
Hack CompojoomComment? Ok!
Wednesday, 04 August 2010 18:55

Compojoom, developers of CompojoomComment, opened up a contest to hack their comment component. After being alerted to the contest by my good friend Lafrance, I took a peek and had a working XSS exploit within 16 minutes, and after a bit of refining I managed to really mess things up. ;)

Last Updated on Friday, 13 August 2010 21:11
JNoGuest 1.0.4
Sunday, 01 August 2010 15:10

Today, JNoGuest 1.0.4 was released. This version adds support for JomSocial registration (including JomSocial Profile Types), fixes a couple bugs, and has some minor changes to JNoGuest's operation.



The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
