jDownloads.com


Author Topic: Vulnerability jDownloads 1.9.1.4 Stable  (Read 6551 times)


Offline Jose_EsP

  • Newbie
  • *
  • Posts: 34
    • XtremeFactor Real Racing Simulation
Vulnerability jDownloads 1.9.1.4 Stable
« on: 28.08.2014 05:24:06 »
The version displayed. It has a vulnerability in the front end.

A hacker has put up several files and downloads, photos.

We have been forced to close the file upload by front end. This is a major problem for our website.

We can give access to the backend from account "manager" but the permissions are too long for users who simply go up downloads.

We tried to give permissions to a custom account, inheriting permissions "public" access to components and backend, but DOES NOT WORK.

Any solutions?


This is very urgent. I hope help. Thank you very much.

Offline ColinM

  • jD Tester
  • *
  • Posts: 3.666
Re: Vulnerability jDownloads 1.9.1.4 Stable
« Reply #1 on: 28.08.2014 14:43:28 »
Hi
Some suggestions, but please note I am more familiar with the jDownloads 2.5 beta series than with the 1.9 series.

One thing you can do is to remove the submit file button from each of the Layout files (see pic LayoutEdit.png), then you can make a menu item that allows create - see pic Restricted Access menu.png. This menu item is only visible to those people who belong to specific user groups that are listed in a View Access Level. So unless the 'hacker' has a valid login there is no access to upload.

If you need more details then please post again

Colin

[deleted by administrator]

Offline Arno

  • Administrator
  • ***
  • Posts: 12.290
    • jDownloads.com
Re: Vulnerability jDownloads 1.9.1.4 Stable
« Reply #2 on: 28.08.2014 23:20:02 »
Quote
Any solutions?
I will check your problem this weekend.
Best Regards / Gruß
Arno
Please make a Donation for jDownloads and/or write a review on the Joomla! Extensions directory!

Offline Jose_EsP

  • Newbie
  • *
  • Posts: 34
    • XtremeFactor Real Racing Simulation
Re: Vulnerability jDownloads 1.9.1.4 Stable
« Reply #3 on: 29.08.2014 22:42:19 »
The solution has helped me.

According Arno. If you need any information, I ask me.

Thank you all!

Offline antex

  • Newbie
  • *
  • Posts: 2
Re: Vulnerability jDownloads 1.9.1.4 Stable
« Reply #4 on: 10.09.2014 11:46:20 »
Yesterday I had the same problem on my site.
you can get details on the solution
thanks

Offline Arno

  • Administrator
  • ***
  • Posts: 12.290
    • jDownloads.com
Re: Vulnerability jDownloads 1.9.1.4 Stable
« Reply #5 on: 10.09.2014 12:42:45 »
Quote
Yesterday I had the same problem on my site.
you can get details on the solution
thanks
Hi antex,
We are working at the moment on a fix and have reworked some things in the upload form for the jD 1.9.x series.
If you have useful information which can help us, please send it to me via PM. Thanks.
Best Regards / Gruß
Arno

Offline bustergut

  • Newbie
  • *
  • Posts: 17
Re: Vulnerability jDownloads 1.9.1.4 Stable
« Reply #6 on: 12.09.2014 13:13:03 »
I've had files put onto jDownloads. They are not assigned to a category so don't show up to users. The files are zip files and called ownd.zip and lolz.zip. I have disallowed zip files and wait to see what happens.

I'm using 1.9.1.3 on J2.5 and also on J3.1.

Offline ColinM

  • jD Tester
  • *
  • Posts: 3.666
Re: Vulnerability jDownloads 1.9.1.4 Stable [SOLVED]
« Reply #7 on: 12.09.2014 17:25:09 »
Hi
There is a fix - you need to update to version 1.9.1.6 for Joomla 2.5 and to version jD1.9.2.11 for Joomla 3.1/3.2

Link for jD1.9.1.6
http://www.jdownloads.com/index.php?option=com_jdownloads&Itemid=133&view=viewdownload&catid=33&cid=320

Link for jD1.9.2.11
http://www.jdownloads.com/index.php?option=com_jdownloads&Itemid=133&view=viewdownload&catid=43&cid=323

Colin
« Last Edit: 12.09.2014 17:34:14 by ColinM »

Offline pablovr

  • Newbie
  • *
  • Posts: 2
Hi all,

On my site I have the same problem that "bustergut" has. I have disabled the upload from the front-end, only the superadmin users can upload from the back-end.
Any suggestion or solution? (I can not upgrade, at the moment, the version of Joomla!)
Thank you.

Joomla! 1.5.18
JDownload 1.7.5 Stable Build 776

Offline Arno

  • Administrator
  • ***
  • Posts: 12.290
    • jDownloads.com
Re: Vulnerability jDownloads 1.9.1.4 Stable
« Reply #9 on: 17.09.2014 15:59:27 »
Hi,
Your jD version is a very old Joomla 1.5 version.
You can try the update below, which is not really tested yet by me.
But I think this should fix the problem.

[deleted by administrator]
Best Regards / Gruß
Arno

Offline pablovr

  • Newbie
  • *
  • Posts: 2
Re: Vulnerability jDownloads 1.9.1.4 Stable
« Reply #10 on: 27.09.2014 10:30:13 »
Ok. I will try it.
Thanks.