Hi Matt, I'm not much of a Joomla programmer, but from reading the docs it appears that JRequest only prevents HTML injection, not SQL injection.
Take a read of this: http://developer.joomla.org/tutorials/181-preventing-sql-injections.html

matt_thomson wrote:
> Hi, usually I wouldn't post on the weekend, but I have got a semi
> urgent issue, if anyone is still working could they give me a hand
> please.
>
> I have a Joomla open source component, I think there are about 10,000
> people using it. I got notified of this page this morning:
> http://milw0rm.org/exploits/6723
>
> The gist of the page is this:
>
> Exploit: /index.php?option=com_ignitegallery&task=view&gallery=[SQL]&Itemid=18
>
> Example: /index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10+from+jos_users--&Itemid=18
>
> And my PHP code is more or less this:
>
> $task = JRequest::getString('task', '');
> $gallery = JRequest::getString('gallery', '');
>
> $db =& JFactory::getDBO();
> $query = "SELECT * FROM #__ignitegallery WHERE id = $gallery";
> $db->setQuery($query);
> $row = $db->loadObject();
>
> <?php echo $row->description; ?>
> <h3><?php echo $row->name; ?></h3>
>
> I have used the standard Joomla JRequest class to sanitise my
> variables:
> http://dev.joomla.org/component/option,com_jd-wiki/Itemid,/id,references:joomla.framework:environment:jrequest/
>
> It seems the hacker thinks he has found a way around it.
>
> Does anyone know what the SQL injection is supposed to do? I have
> tried it on a site and it does nothing, but I may not be doing it
> right. I don't understand SQL to this level.
>
> Thanks,
>
> Matt.

NZ PHP Users Group: http://groups.google.com/group/nzphpug
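As an added illustration (not Matt's component code and not Joomla's own), here is the same lookup as it would sit in a Joomla 1.5 component: first as posted, where JRequest::getString() hands the request value to the query essentially unchanged, and then hardened with JRequest::getInt() for the numeric id and $db->Quote() for genuinely textual values. The function names are made up for the example.

```php
<?php
// Added example, not code from the original post or from Joomla itself.
// JRequest::getString() strips tags from the value; it does nothing about
// SQL metacharacters, so whatever arrives in ?gallery= lands in the query.

// --- As posted: request string interpolated straight into SQL ---
function getGalleryVulnerable()
{
    $gallery = JRequest::getString('gallery', '');  // HTML-safe, not SQL-safe
    $db      =& JFactory::getDBO();
    $query   = "SELECT * FROM #__ignitegallery WHERE id = $gallery";
    $db->setQuery($query);
    return $db->loadObject();
}

// --- Hardened: the id is an integer, so force it to one at the boundary ---
function getGalleryHardened()
{
    $gallery = JRequest::getInt('gallery', 0);      // non-numeric input becomes 0
    if ($gallery <= 0) {
        return null;                                 // no such gallery; let the caller 404
    }
    $db    =& JFactory::getDBO();
    // A second (int) cast keeps the query safe even if the fetch above changes later.
    $query = 'SELECT * FROM #__ignitegallery WHERE id = ' . (int) $gallery;
    $db->setQuery($query);
    return $db->loadObject();
}

// --- For values that really are text, let the database driver quote them ---
function findGalleryByName()
{
    $name  = JRequest::getString('name', '');
    $db    =& JFactory::getDBO();
    // $db->Quote() escapes and wraps the value; never concatenate $name raw.
    $query = 'SELECT * FROM #__ignitegallery WHERE name = ' . $db->Quote($name);
    $db->setQuery($query);
    return $db->loadObject();
}
```

The output side (`echo $row->description`) is a separate concern from the query and is not changed here.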
