"Or had you already figured that much out and were after more detail about exactly how that crack attempt was supposed to work within Joomla?"
Ultimately I would have liked to be able to replicate their attack on my local host so I can fully test it and patch it. I guessed they were trying to output data from jos_users. If I can't work out and replicate their SQL it is no biggie, as I'm pretty sure forcing an integer stops this vulnerability in its tracks.

On Oct 11, 3:55 pm, Anton <[EMAIL PROTECTED]> wrote:
> 2008/10/11 matt_thomson <[EMAIL PROTECTED]>:
>
> > I would still like to understand what this hacker is doing,
>
> Not knowing anything about Joomla, it looks to me like they are trying
> to query a list of usernames and password hashes from your site, and
> getting your gallery component to output them to the client.
>
> After that they can presumably crack the hashes offline, then hijack
> the user accounts.
>
> Or had you already figured that much out and were after more detail
> about exactly how that crack attempt was supposed to work within
> Joomla?
>
> --
> Cheers
> Anton

NZ PHP Users Group: http://groups.google.com/group/nzphpug
