Joomla! 2.5.x/3.5.0 XSS

Posted in Joomla!
2016-06-06 07:06:05 +0000 UTC

Joomla! versions before 3.5.0, including the 2.5.x series (likely all the way back to 1.6.0, no regression testing done) are vulnerable to reflective XSS:

Whatever Happened To Jeff Channell?

Posted in Other
2016-02-04 01:14:50 +0000 UTC

Howdy folks...

It's been a long, long time since I've made any sort of updates here. Too long. Years.

A lot has happened in the past few years. Some of you know the whole story, some only bits and pieces, and the majority of you probably think I got hit by a bus or something.

Privately Public

2012-04-30 07:50:11 +0000 UTC

This is a message that's privately public. If there's the slightest chance you're offended by profanity, please don't bother clicking "Read More," as what follows may be too vulgar for your senses. That said, bring on the poetry/freeform rant...

Joomla! 1.6/1.7/2.5 Privilege Escalation Vulnerability

Posted in Joomla!
2012-03-15 19:47:25 +0000 UTC

Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having 'core.admin' privileges.

Joomla! Remember Me Cookie Encryption Issues

Posted in Joomla!
2011-09-29 04:11:31 +0000 UTC

There is a serious problem with the way Joomla! handles the "remember me" login cookie. It is possible to decrypt the contents of this cookie and alter the serialized data inside, which could possibly lead to exploitation. Versions 1.5 through 1.7.1 are affected.

Joomla! TinyMCE DOS

Posted in Joomla!
2011-04-05 15:23:03 +0000 UTC

Back in February, I reported an issue with TinyMCE to the Joomla! Security Strike Team. Since then, they "fixed" it in 1.6.1, but failed to do so for 1.5.23. Joomla! 1.5.x ships with a script that is supposed to cache gzipped copies of TinyMCE, but not only is this script never used, but it doesn't clean up after itself.

Joomla! 1.6.0 Multiple Minor Vulnerabilities

Posted in Joomla!
2011-03-08 15:47:09 +0000 UTC

Now that 1.6.1 is officially released, I figured I'd go ahead and publish a few of the "sensitive" bugs I found in 1.6.0.

Joomla! JFilterInput XSS Bypass

Posted in Joomla!
2011-02-01 14:21:12 +0000 UTC

Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This class attempts to parse any given string for html code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input.

2010 Joomla! Security Extension Comparison

2010-12-20 05:00:00 +0000 UTC

After having a couple different people ask me which Joomla! security extension I recommend, and having no real answer, I figured the best way was to simply try each one against various security risks and see which vectors are detected. This test should not be considered conclusive, and is not meant to endorse or defame any particular extension.

JMyLife 1.0.16 Released

Posted in JMyLife
2010-12-02 19:24:24 +0000 UTC

I'm happy to announce the availability of JMyLife 1.0.16. This release brings the ability to filter by date ranges and a new Frontend Edit mode.