r3m1ck official site

The ordinary boy who like to programming java,programming python,developer a desktop application,mobile application,web designer

Navigation: Weblog / Blog article: Howto fix Joomla 1.5 hacking (token admin password reset exploit)

Howto fix Joomla 1.5 hacking (token admin password reset exploit)

Posted by admin On November - 24 - 2010 Views: 11,410

A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note, that changing the first users username may lessen the impact of this exploit (since the person who changed the password does not know the login associated with the new password). However, the only way to completely rectify the issue is to upgrade to 1.5.6 (or patch the /components/com_user/models/reset.php file).

The Solution:

Upgrade to latest Joomla! version (1.5.6 or newer), or patch /components/com_user/models/reset.php with the code below:
After global $mainframe; on line 113 of reset.php, add:

if(strlen($token) != 32) {
	$this->setError(JText::_('INVALID_TOKEN'));
	return false;
}

Tags: , , , , , , , , , , , , , , , ,
Other, Tips & Tricks

Facebook Comments

One Response to “Howto fix Joomla 1.5 hacking (token admin password reset exploit)”

  1. surf shop says:
    December 2, 2010 at 8:13 am

    Thank you for the great info, i’m going to write on this too!

    Reply

Leave a Reply

 

Verandas and landscapes- How to create a beautiful exterior and a great living space

Landscaping has become one of the favorite DIY and design trends in recent years, and it’s also become an area of design which is considered somehow unaffordable. That’s way off the mark. You can add a lot to your home environment, with just simple but Read the Rest…

Posted on November 18th, 2010 under Home Design | 2 Comments »

Avenged Sevenfold : Nightmare

Nightmare! (Now your nightmare comes to life) Dragged ya down below Down to the devil’s show To be his guest forever Peace of mind is less than never Hate to twist your mind But God ain’t on your side An old acquaintance severed Burn the Read the Rest…

Posted on December 21st, 2010 under A, Avenged Sevenfold, Lyrics, Music | No Comments »

Small Home Decorations

Many people have small homes, small apartments and manage to live in the small space. People live in small homes because they can’t afford or don’t want large houses, and they are happy what they have. Small homes look beautiful and easy to manage as Read the Rest…

Posted on November 16th, 2010 under Home Design | No Comments »

WordPress Plugin : Disable update core notification

Do you bored with update core notification from wordpress ?? there is my simple plugin to remove update core notification , just a simple code. how to install this plugin ? 1. download this plugin here http://r3m1ck.us/files/wP-pLug1n5/disable-update-core-notification.zip 2. login into your wordpress admin , open Read the Rest…

Posted on March 15th, 2011 under Wordpress Plugin | 2 Comments »

Kaleidoscope – blink182

Kaleidoscope Stop banging away on my kaleidoscope Stop draining the color out of my scene Just play me something I can dance to I can dance to anything you wanna sing So lock me up in a studio Fill it up with soundless scenarios Stop Read the Rest…

Posted on September 20th, 2011 under Blink182, Lyrics, Music | No Comments »

Fans Box

  • Donate Me :)

  • Web Statistics

    Page Rank