Jeff Channell

Joomla! 1.6/1.7/2.5 Privilege Escalation Vulnerability

me@jeffchannell.com (Jeff Channell) — Thu, 15 Mar 2012 19:47:25 GMT

Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having 'core.admin' privileges.

Joomla! Remember Me Cookie Encryption Issues

me@jeffchannell.com (Jeff Channell) — Thu, 29 Sep 2011 04:11:31 GMT

There is a serious problem with the way Joomla! handles the "remember me" login cookie. It is possible to decrypt the contents of this cookie and alter the serialized data inside, which could possibly lead to exploitation. Versions 1.5 through 1.7.1 are affected.

Joomla! TinyMCE DOS

me@jeffchannell.com (Jeff Channell) — Tue, 05 Apr 2011 15:23:03 GMT

Back in February, I reported an issue with TinyMCE to the Joomla! Security Strike Team. Since then, they "fixed" it in 1.6.1, but failed to do so for 1.5.23. Joomla! 1.5.x ships with a script that is supposed to cache gzipped copies of TinyMCE, but not only is this script never used, but it doesn't clean up after itself.

Joomla! 1.6.0 Multiple Minor Vulnerabilities

me@jeffchannell.com (Jeff Channell) — Tue, 08 Mar 2011 15:47:09 GMT

Now that 1.6.1 is officially released, I figured I'd go ahead and publish a few of the "sensitive" bugs I found in 1.6.0.

Joomla! JFilterInput XSS Bypass

me@jeffchannell.com (Jeff Channell) — Tue, 01 Feb 2011 14:21:12 GMT

Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This class attempts to parse any given string for html code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input.

JMyLife 1.0.16 Released

me@jeffchannell.com (Jeff Channell) — Thu, 02 Dec 2010 19:24:24 GMT

I'm happy to announce the availability of JMyLife 1.0.16. This release brings the ability to filter by date ranges and a new Frontend Edit mode.

Mosets Tree 2.1.6 Template Overwrite CSRF

me@jeffchannell.com (Jeff Channell) — Thu, 18 Nov 2010 18:06:25 GMT

Moset's Tree <= 2.1.6 for Joomla! does not use anti-CSRF tokens in its admin forms.

JMyLife 1.0.15 Released

me@jeffchannell.com (Jeff Channell) — Sun, 31 Oct 2010 08:18:25 GMT

JMyLife 1.0.15 has been released. There are no new features in this release, only bug fixes.

To download an update, click on Account Maintenance in the login module and view your order - the latest release is linked at the bottom. JMyLife is set up as a complete upgrade package - no need to uninstall previous versions first!

JMyLife 1.0.14 Released

me@jeffchannell.com (Jeff Channell) — Fri, 29 Oct 2010 07:42:53 GMT

JMyLife 1.0.14 is now available.

1.0.14 contains a security upgrade

Temporary Joomla 1.5.20 XSS Hotfix

me@jeffchannell.com (Jeff Channell) — Thu, 07 Oct 2010 21:47:22 GMT

The guys over at YGN posted a video today of a 0-day Joomla! 1.5.20 XSS flaw. I've taken a look and have a quick fix that should prevent exploitation.