As a forum admin and web developer, it's always good to keep a close eye on sites such as exploit-db. Anyone using the Joomla content management system must be absolutely shitting themselves right now if they too keep track of the latest exploits and easy hacks. Every day now, new SQL injection vulnerabilities are being discovered in the system - somebody has got a lot of explaining to do.
Most of the exploits happen through manipulating the URI field. Something this simple couldn't possibly cause problems, right? Editing a web address?
Well, when messing around with $_POST and $_GET variables, it is absolutely vital, and relatively easy, to sanitise user input. Let's take an example.
Imagine we have a simple system, connected to an SQL database, which tells you the name of a member based on their ID number. One might use:
http://www.website.tld/forums.php?id=5
And then use SQL to look up the member whose ID is that 5.
What would happen, without sanitisation, if one were to enter more than just that five? Take for example a friendly, lovable apostrophe.
http://www.website.tld/forums.php?id=5'
If the system rejects this, then the input has obviously been sanitised properly and the variable in question is only accepted as an integer value. If not, consider what the ' character means in terms of strings - it starts and ends them. If we end the string in our input data, we can do all sorts of crazy shit... like add our own extra SQL commands to be interpreted and run.
Suddenly we have a huge problem. Imagine somebody were to add SQL to find and display the username and password of an admin account... oh. The hacker has access to your site, and all they have done is visit a URL - no actual hacking needed.
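Here is the forums.php?id=5 lookup from above written both ways, as an added example that is not code from the original post. The member table, the names in it and the helper functions (`name_unsafe`, `parse_id`, `name_safe`, `demo`) are all constructed for this illustration; it uses an in-memory SQLite database instead of a real forum database, but the two query patterns are the same ones a PHP handler would use.

```python
import re
import sqlite3

# Constructed sample data standing in for the forum's member table.
# An in-memory SQLite database is used so the example runs offline.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?)",
                     [(5, "alice"), (6, "bob")])
    conn.commit()
    return conn

def name_unsafe(conn, raw_id):
    """The pattern the post warns about: the raw value of ?id= is pasted
    straight into the SQL text, so a stray apostrophe ends the string early
    and whatever follows it is parsed as SQL."""
    sql = "SELECT name FROM members WHERE id = '" + raw_id + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def parse_id(raw_id):
    """Integer-only check: ?id= may be a short run of digits and nothing else.
    Returns the int, or None when the value is rejected."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None
    return int(raw_id)

def name_safe(conn, raw_id):
    """Validate first, then bind the value as a query parameter.  Even if the
    validation were skipped, binding keeps the value out of the SQL text."""
    member_id = parse_id(raw_id)
    if member_id is None:
        return None  # rejected before any SQL is built
    row = conn.execute("SELECT name FROM members WHERE id = ?",
                       (member_id,)).fetchone()
    return row[0] if row else None

def demo(raw_id):
    """Run the same ?id= value through both handlers.
    Returns (unsafe_result, safe_result); the unsafe side reports an SQL
    error instead of raising so the two can be compared."""
    conn = make_db()
    try:
        unsafe = name_unsafe(conn, raw_id)
    except sqlite3.OperationalError as exc:
        unsafe = "SQL error: " + str(exc)
    return unsafe, name_safe(conn, raw_id)

if __name__ == "__main__":
    for value in ("5", "5'"):
        unsafe, safe = demo(value)
        print("?id=%-4s unsafe handler -> %r" % (value, unsafe))
        print("?id=%-4s safe handler   -> %r" % (value, safe))
```

With `?id=5` both handlers return the same name. With `?id=5'` the unsafe handler hands a malformed statement to the database (the visible symptom is a syntax error, which is exactly the probe the post describes), while the safe handler never builds a query at all because the integer check fails. The regex whitelist is the "only allowed as an integer value" rule; the `?` placeholder is the second line of defence in case a value ever reaches the query without passing through it.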
These errors generally show up in amateur work, but when so many appear in something as prevalent as Joomla, we have a problem. Somebody somewhere has a lot of explaining to do: sloppy coding? Laziness? Or just ignorance of simple problems that are so easy to solve?