CKForms Security Issue is Spreading

Postby kiwi » Sat Mar 20, 2010 7:28 am

Hi,
I have been watching the number of sites that have all been hacked via the SQL injection flaw reported a few days ago.

While CKForms works very well for us we have had to remove it immediately due to the fact that our test sites have been hacked and this component poses a very serious security flaw to our Joomla installs.

More details can be found here :
http://www.exploit-db.com/exploits/11785

I have full logs showing how this flaw is actively being used in the wild, particularly just how Turkish hackers are using this issue, and it can take less than 5 minutes to gain admin access into your site.

I have run this against some other friends' Joomla sites and every single time the vulnerability succeeds without fail. Subsequently those friends have also removed CKForms.

Can we get an official response as to what's being done about these flaws? Even just an indication that something is being done.

If we can't see or hear anything we will all be forced to move our solutions elsewhere.

Skip
New Zealand
kiwi
 
Posts: 1
Joined: Sat Mar 20, 2010 7:22 am

Re: CKForms Security Issue is Spreading

Postby pedrino » Sat Mar 20, 2010 11:10 am

Hi,

I fixed the security problem in the new release (1.3.4), which you can download from the CKForms site:

http://ckforms.cookex.eu/

Regards

Pierre
pedrino
Site Admin
 
Posts: 150
Joined: Tue Aug 25, 2009 12:13 pm

Re: CKForms Security Issue is Spreading

Postby aniuska » Wed Apr 07, 2010 12:51 pm

Hello,

I hope that the last version (1.3.4) fixes the security vulnerabilities. I was attacked last week by a Turkish group and spammed through CKForms. I would like to continue using this component.

Thanks,
Aniuska
aniuska
 
Posts: 8
Joined: Tue Sep 29, 2009 10:04 am

Re: CKForms Security Issue is Spreading

Postby AlanDogg » Tue May 11, 2010 6:22 pm

Hi, this security flaw still exists. I have been told by my server host that if I do not remove the CKForms component he will shut down my sites that use it. This component has serious security issues and I have already lost my own website due to this badly written script.

Details from server host below

We can see from looking at the access logs that only a few minutes ago a
hacker tried to exploit the ckforms component.

195.228.152.176 - - [11/May/2010:14:36:07 +0100] "GET /index.php?option=com_ckforms&view=ckforms&id=2&Itemid=53//index2.php?option=com_forms&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 677 "-" "libwww-perl/5.813"

You MUST remove this component and its possible threat ASAP or the account
will be terminated.


I'm already using the new version 1.3.4
AlanDogg
 
Posts: 3
Joined: Tue May 11, 2010 6:16 pm
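A defender-side way to pick this kind of request out of web server access logs, added here as an example; it is not part of this thread, of CKForms, or of the host's tooling. It parses Apache combined-format lines (the layout of the line quoted above), percent-decodes the request target, and flags the indicators visible in that line: repeated `../` traversal, a `%00` null byte, the `/proc/self/environ` target, and a second `option=` smuggled into the query string. The first sample line is the one the host quoted, rejoined onto a single line; the other two lines and the 192.0.2.x addresses are constructed benign traffic.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" log format, the layout of the line quoted in the host's message.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicators matched against the percent-decoded request target.
INDICATORS = {
    "path_traversal": re.compile(r"(?:\.\./){2,}"),         # repeated ../ climbing out of the webroot
    "null_byte": re.compile("\x00"),                        # %00 used to truncate a file path
    "proc_self_environ": re.compile(r"/proc/self/environ"), # classic local-file-inclusion target
    "double_option": re.compile(r"option=.*option="),       # second option= smuggled into the query
}

# Sample log lines. SAMPLE_LOG[0] is the request the host quoted above, rejoined onto
# one line; the other two are constructed benign requests from documentation addresses.
SAMPLE_LOG = [
    '195.228.152.176 - - [11/May/2010:14:36:07 +0100] "GET /index.php?option=com_ckforms'
    '&view=ckforms&id=2&Itemid=53//index2.php?option=com_forms&controller='
    '../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" '
    '200 677 "-" "libwww-perl/5.813"',
    '192.0.2.10 - - [11/May/2010:14:40:12 +0100] "GET /index.php?option=com_ckforms'
    '&view=ckforms&id=2&Itemid=53 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [11/May/2010:14:41:03 +0100] "POST /index.php?option=com_ckforms'
    '&task=submit HTTP/1.1" 303 0 "http://example.com/" "Mozilla/5.0"',
]


def parse_line(line):
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Decode twice so double-encoded payloads (%2500 -> %00 -> NUL) are caught as well.
    rec["decoded_target"] = unquote(unquote(rec["target"]))
    return rec


def flag_request(line):
    """Return the parsed request plus the list of indicator names it triggers."""
    rec = parse_line(line)
    if rec is None:
        return None
    hits = [name for name, rx in INDICATORS.items() if rx.search(rec["decoded_target"])]
    return {"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
            "ua": rec["ua"], "hits": hits}


def suspicious_ips(lines):
    """Count flagged requests per client IP over a batch of log lines."""
    counts = Counter()
    for line in lines:
        res = flag_request(line)
        if res and res["hits"]:
            counts[res["ip"]] += 1
    return counts


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        res = flag_request(entry)
        if res and res["hits"]:
            print(res["ip"], res["ts"], res["status"], res["ua"], res["hits"])
    print(suspicious_ips(SAMPLE_LOG))
```

The status code and response size are carried through so that a flagged request can be correlated with what the server actually returned; a 200 on its own does not show whether the include succeeded, which is why the indicators are matched on the decoded request rather than on the response. Running this over a day of logs and feeding `suspicious_ips` into a block list reproduces the kind of triage the host did by hand, but, as Redshirt notes further down the thread, it is a detection layer and not a substitute for fixing the component's input handling.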

Re: CKForms Security Issue is Spreading

Postby ahmad99 » Wed May 19, 2010 3:11 am

How to upgrade...?
ahmad99
 
Posts: 2
Joined: Wed May 19, 2010 3:07 am

Re: CKForms Security Issue is Spreading

Postby doughboy » Thu May 20, 2010 12:47 am

hi guys,

any updates about the latest version of ckforms?
has it been tested for vulnerability against sql injection?
doughboy
 
Posts: 2
Joined: Wed May 19, 2010 9:20 am

Re: CKForms Security Issue is Spreading

Postby ikkes » Wed Jun 09, 2010 7:10 pm

Can anybody confirm that this issue has been solved in the last version?
It is really important to know!!!!!

And is this also an issue when only registered people can use this (we made a hack for this)?

Regards,

Ikkes
ikkes
 
Posts: 3
Joined: Wed Jun 09, 2010 7:08 pm

Re: CKForms Security Issue is Spreading

Postby homeroom1 » Fri Jun 11, 2010 6:21 pm

My Host just shut down another one of my sites using CK Forms. I've now disabled it on all sites until further notice.

I'm hoping someone can solve this issue.
homeroom1
 
Posts: 2
Joined: Fri Jun 11, 2010 5:01 pm

Re: CKForms Security Issue is Spreading

Postby cmatechno » Tue Jun 15, 2010 6:33 pm

I just started using CKforms, and it seems to work OK although there's lots of room for improvement. One of my websites (not using CKforms though) has been savagely hacked the past year. It was so bad that I ended up wiping out the whole server, changing all passwords, and then reinstalling everything from scratch. Guess what, attacks continued, but this time I spent some money and I got the OSE anti-hacker http://www.opensource-excellence.com. It wasn't cheap by Joomla standards, but boy has this made a huge change.
I know writing components isn't easy, and we all should be extremely grateful that there are people out there devoting their time and knowledge to saving us time. There will always be vulnerabilities.
This is why OSE works like a charm for me: first, it has a pre_append feature; its PHP scripts run before anything else. So when someone tries a stunt like a SQL injection their IP gets banned immediately. If they try something funky in the URL, their IP gets banned as well. I'm trying to convince the maker to do some counter-attack measures (such as responding to an attack with some really nasty, wrongly-formatted webpage that will mess up the attacker's session; ever tried sending a big JPG file with the wrong header? Talk about nasty content, LOL).
But we will see about that.
So, in practical terms, this should resolve any problems that a component has. In the case of CKforms, well, any potential attack is caught before it reaches the component, so it solves the problem.
If I run into any problems, I'll come here and let you guys know. So far, this solution works.
cmatechno
 
Posts: 1
Joined: Tue Jun 15, 2010 6:22 pm

Re: CKForms Security Issue is Spreading

Postby Redshirt » Wed Jun 16, 2010 11:05 am

@cmatechno

As good as it sounds, if there is a flaw in a part of the code, this flaw needs to be found and fixed,

regardless of the code you execute before it.
Redshirt
 
Posts: 7
Joined: Fri May 28, 2010 11:31 am