Apr 15 2011
Joomla, you have a problem
Filed under: joomla
SQL injection is one of the easiest security exploits to create and also one of the easiest to avoid. Today I got a notice like this:
Posted: 14 Apr 2011 06:54 PM PDT
Project: Joomla!
* SubProject: All
* Severity: Medium
* Versions: 1.6.1 and 1.6.0
* Exploit type: SQL Injection
* Reported Date: 2011-March-12
* Fixed Date: 2011-April-14
* Description: Unescaped values in query lead to SQL injection vulnerability.
Okay, seriously. The year is 2011. Joomla is a major open source project. How the hell does something like this leak into a shipped version? If I worked on the Joomla project I'd be downright embarrassed.
I fully understand that security flaws will be introduced regardless of care. What I cannot fathom is how a SQL-injection flaw can be introduced. This is the security equivalent of picking your nose in public: there is no hurdle to overcome, you simply choose not to do it.
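As an added example (not code from this post or from the Joomla project), here is the advisory's flaw and its fix side by side: the same lookup done by pasting a request value straight into the SQL text, and done with a bound parameter. Joomla is PHP, but the point carries over unchanged to Python's sqlite3 module used here; the table, rows and inputs are constructed for illustration.

```python
"""Unescaped value in a query vs. a bound parameter, on an in-memory SQLite table.

Added example, not from the Joomla advisory or code base; table, column
names, sample rows and the test inputs are all constructed.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.com"),
         (2, "bob", "bob@example.com"),
         (3, "carol", "carol@example.com")],
    )
    return conn


def lookup_unescaped(conn, name):
    # The flaw named in the advisory: the request value becomes part of the
    # SQL text, so any quote character in it changes the shape of the query.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # The fix: the value travels separately from the statement, so the
    # database treats it as data whatever characters it contains.
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    conn = make_db()
    # Constructed inputs: an ordinary name, a real name with an apostrophe,
    # and a value whose quote turns the WHERE clause into a tautology.
    benign, apostrophe, tricky = "bob", "O'Brien", "x' OR 1=1 --"
    try:
        broken = lookup_unescaped(conn, apostrophe)
    except sqlite3.OperationalError:
        broken = "SQL error"  # unescaped build is also a plain correctness bug
    return {
        "unescaped_benign": lookup_unescaped(conn, benign),
        "unescaped_apostrophe": broken,
        "unescaped_tricky": lookup_unescaped(conn, tricky),   # every row
        "param_benign": lookup_parameterized(conn, benign),
        "param_apostrophe": lookup_parameterized(conn, apostrophe),
        "param_tricky": lookup_parameterized(conn, tricky),   # no rows
    }
```

The unescaped version both fails on a legitimate name containing a quote and returns the whole table for a crafted one; the bound version answers both correctly with no escaping code at all.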
Hi dude... I'm trying to rewrite this
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} ^/system.*
RewriteRule ^(.*)$ index.php/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
and came up with this
if ($request_uri ^/system.*) {
    rewrite ^(.*)$ /index.php?q=$1 last;
    break;
}
if (!-e $request_filename) {
    rewrite ^(.*)$ /index.php?q=$1 last;
    break;
}
but this gave me
invalid condition "$request_uri" in /etc/nginx/conf.d/deentv.conf:10 configuration file /etc/nginx/nginx.conf test failed