Comments on: Howto fix Joomla 1.5 hacking (token admin password reset exploit) http://www.hostsvault.com/blog/howto-fix-joomla-15-hacking-token-admin-password-reset-exploit/ HostsVault Blog Tue, 10 Aug 2010 19:19:31 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Glenn http://www.hostsvault.com/blog/howto-fix-joomla-15-hacking-token-admin-password-reset-exploit/comment-page-1/#comment-548 Glenn Wed, 21 Apr 2010 14:38:05 +0000 http://www.hostsvault.com/blog/?p=291#comment-548 Small correction ; the correct code should be : $token = mysql_real_escape_string($token); if(strlen($token) != 32) { $this->setError(JText::_(‘INVALID_TOKEN’)); return false; } Small correction ; the correct code should be :

$token = mysql_real_escape_string($token);
if(strlen($token) != 32) {
$this->setError(JText::_(‘INVALID_TOKEN’));
return false;
}

]]> By: Glenn http://www.hostsvault.com/blog/howto-fix-joomla-15-hacking-token-admin-password-reset-exploit/comment-page-1/#comment-547 Glenn Wed, 21 Apr 2010 14:21:53 +0000 http://www.hostsvault.com/blog/?p=291#comment-547 Figure this : the token '--------(...) would be 32 chars long .. since -- is the starter for a comment in MySQL, that is ignored. Thus strlen($token) returns 32, while it is still "seen" in the query as ' . Solution : $token = mysql_real_escape($token); if(strlen($token) != 32) { $this->setError(JText::_('INVALID_TOKEN')); return false; } Figure this : the token ‘——–(…) would be 32 chars long .. since — is the starter for a comment in MySQL, that is ignored. Thus strlen($token) returns 32, while it is still “seen” in the query as ‘ .

Solution :

$token = mysql_real_escape($token);
if(strlen($token) != 32) {
$this->setError(JText::_(‘INVALID_TOKEN’));
return false;
}

]]> By: Imran http://www.hostsvault.com/blog/howto-fix-joomla-15-hacking-token-admin-password-reset-exploit/comment-page-1/#comment-502 Imran Wed, 21 Oct 2009 16:47:20 +0000 http://www.hostsvault.com/blog/?p=291#comment-502 I had this problem, I upgraded to 1.5.6 but after 2 days it happened again. I checked reset.php your suggested code is already there. Seems its not workig or hackers have bypassed this too. ANy idea? I had this problem, I upgraded to 1.5.6 but after 2 days it happened again. I checked reset.php your suggested code is already there. Seems its not workig or hackers have bypassed this too. ANy idea?

]]> By: jim http://www.hostsvault.com/blog/howto-fix-joomla-15-hacking-token-admin-password-reset-exploit/comment-page-1/#comment-501 jim Fri, 16 Oct 2009 01:26:20 +0000 http://www.hostsvault.com/blog/?p=291#comment-501 this is addressed in the latest version of jomoola and yet they are still able to reset and hack the site this is addressed in the latest version of jomoola and yet they are still able to reset and hack the site

]]> By: aj http://www.hostsvault.com/blog/howto-fix-joomla-15-hacking-token-admin-password-reset-exploit/comment-page-1/#comment-413 aj Wed, 22 Jul 2009 07:34:48 +0000 http://www.hostsvault.com/blog/?p=291#comment-413 wow great content...I will do this...Thanks wow great content…I will do this…Thanks

]]>