Joomler!.net - Decided on Joomla!

Jboard is Multiple Board!

 

Archives

2014
2013
2012
2011
2010
2009
2008
2007

Blog

Demo

Home » Blog » and
Feb
9
2014

Joomla3.2.2にSQL インジェクション脆弱性だぞ

EMailPrintPDF
1 votes
Blog - Joomla! CMS
Written by:Joomler! 20926 hits Sunday, 09 February 2014 10:11

バージョンアップがあったが、この脆弱性への対応は含まれていないようだ。

徳丸さんのサイトで公開されていたので対策してみました。

とりあえず、下記のコード変更をすぐに適用するか、mod_tags_similarを無効にしてください。対象バージョンは、mod_tags_similarが有効なおそらく3.1以降のどれも該当すると思います。(mod_tags_similarがそのバージョンからのようなので)
※また、この変更はもちろん正式なものではないので次のバージョンアップの情報に注意しましょう。

変更するファイルは、ROOT/modules/mod_tags_similar/helper.phpです。

元のコード

		$id         = (array) $app->input->getObject('id');

		// Strip off any slug data.
		foreach ($id as $id)
		{
			if (substr_count($id, ':') > 0)
			{
				$idexplode = explode(':', $id);
				$id        = $idexplode[0];
			}
		}

		// For now assume com_tags and com_users do not have tags.
		// This module does not apply to list views in general at this point.
		if ($option != 'com_tags' && $view != 'category'  && $option != 'com_users')

変更後のコード

		$id         = (array) $app->input->getObject('id');

		// Strip off any slug data.
		foreach ($id as $id)
		{
			if (substr_count($id, ':') > 0)
			{
				$idexplode = explode(':', $id);
				$id        = $idexplode[0];
			}
		}

		$id = (int)$id;

		// For now assume com_tags and com_users do not have tags.
		// This module does not apply to list views in general at this point.
		if ($id > 0 && $option != 'com_tags' && $view != 'category'  && $option != 'com_users')

$idを明示的にintにしている部分と、$idが0以下なら何もしないようにしています。

また、合わせて徳丸さんが以下のように書かれていたが、どうか。

TagsJoomla,バージョン,停止,This,not,Strip,idexplode,category,徳丸,mod,脆弱性,similar,tags,and,int,変更,for,PHP,com,id,option
Read more...
 
Comments(0)
Nov
12
2013

Two factor authentication Extend

EMailPrintPDF
0 votes
Download - Plugin, Blog - Plugins, Blog - Joomla!3.x, Extensions - Free Plugin, Download - Joomla!3.x
Written by:Joomler! 31631 hits Tuesday, 12 November 2013 11:02

Two factor authentication Extend released.

twofactorauth_extend_256Featured

  • This plugin simplifies Two factor authetication.
    This plugin can make two factor authetication skip by carrying out the check of OS, a browser, and an IP address for a required two factor authentication code for every login. 
    When it accesses from different OS, IP address, and browser, the process of the usual two factor authentication is performed.

How to use

  • Enabled two factor authentication and select Google Authenticator.
  • Install two factor authentication extend(this plugin) and configure.
    * twofactorauth_extend_orderPlease set it to run at first.

 

Tagsplugin,This,two,factor,アクセス,Authenticator,the,セキュリティ,and,場合,Please,Google,IP,チェック,ログイン,デバイス,OS,アドレス,認証,段階,authentication
Read more...
 
Comments(2)
May
21
2013

XMLRPC for Joomla!2.5.x and 3.x Updated!! v2.0.4

EMailPrintPDF
0 votes
Download - Joomla!3.x, Download - Plugin, Download - Component, Download - Plugin, Download - Component, Documents - XMLRPC for Joomla, Blog - Joomla!2.5, Blog - Joomla!3.x, Download - Joomla!2.5
Written by:Joomler! 29674 hits Tuesday, 21 May 2013 09:43

XMLRPC for Joomla!2.5.x and 3.x version 2.0.4 released.

Fix

  • The file upload error which sometimes takes place
  • The error by an old method

How to install or update

  • Normal install
Tagsand,How,XMLRPC,for,2.0.4,file,Normal,Joomla,2.5,released,Github,method,the,Fix,error,old,takes,sometimes,WLW,place,install
Read more...
 
Comments(1)
Jan
24
2013

XMLRPC for Joomla!2.5.x and 3.0.x Update!!

EMailPrintPDF
0 votes
Download - Joomla!3.x, Download - Plugin, Download - Component, Download - Plugin, Download - Component, Blog - Plugins, Blog - Components, Blog - Joomla!2.5, Blog - Joomla!3.x, Download - Joomla!2.5, Blog - Joomla! CMS
Written by:Joomler! 31295 hits Thursday, 24 January 2013 15:21

xmlrpc128XMLRPC for Joomla!2.5.x and 3.0.x version 2.0.1 released.

Fix

  • Get recent posts

How to install or update

  • Normal install

Please download from the following link.

TagsGet,Normal,Live,install,記事,投稿,and,Windows,XMLRPC,取得,2.5,3.0,対応,更新,Fix,Writer,Joomla,2.0.1,Please,1.0,How
Read more...
 
Comments(3)
Oct
14
2012

XMLRPC for Joomla!2.5.x and 3.0 Released!

EMailPrintPDF
0 votes
Download - Component, Download - Plugin, Download - Component, Download - Plugin, Blog - Components, Blog - Joomla!2.5, Download - Joomla!2.5, Blog - Joomla!3.x, Blog - Joomla! CMS, Extensions - Free Component, Extensions - Free Plugin, Download - Joomla!3.x
Written by:Joomler! 26816 hits Sunday, 14 October 2012 13:12

XMLRPC for Joomla!2.5.x and 3.0.x version 2.0.0

xmlrpc128New features

  • Change author as “Created by alias” (Added wp.getAuthors and permission “Change Author”)
    * Select other users
  • Some changes

Changes

  • Default path for file to “Relatvie”
    If you want “Absolute”, please select “Absolute”.

* If You can not access “your site/component/xmlrpc/rsd.xml or manifest.xml”, please see the following link.

XMLRPC 1.7.1 - WindowsLiveWriter 2011 Unable to connect

Tagsそのまま,2.5,3.0,2011,Bootstrap,If,UI,XMLRPC,変更点,and,Change,xml,Joomla,for,Absolute,Please,1.7.1,画像,2.0.0,コンポーネント,変更
Read more...
 
Comments(0)
<<<12>>>
1 / 2

JContentPlus for Joomla!1.5 powered by Joomler!.net

デル株式会社
© 2020 Joomler!.net
joomler.net is not affiliated with or endorsed by the Joomla! Project or Open Source Matters.
The Joomla!(R) name is used under a limited license from Open Source Matters in the United States and other countries.
joomler.net is not affiliated with or endorsed by Open Source Matters or the Joomla! Project.