Joo!BB - Making Community
Joo!BB - Joomla! Bulletin Board
Joo!BB 0.7.2 Blind SQL Injection
10 Replies

by freedom on 09/08/2008 08:40
Post Joo!BB 0.7.2 Blind SQL Injection

Code

Devil code Evil Grin
Code removed by Robbie!


freedom | Joined Board: 04/08/2008 20:04 | Last Visit: 10/02/2010 18:00
Joo!BB - User
Registered
Posts: 25

Last Edit on 09/14/2008 21:01


by Robbie on 09/08/2008 20:46
Post Re: Joo!BB 0.7.0 Blind SQL Injection

Hi freedom,

sorry for removing the code. It wasn't me

Did you find another way to hack Joo!BB?
If so, please let me know!!!

Many thanks,
Robbie


Robbie | Joined Board: 12/14/2007 10:38 | Last Visit: 05/14/2012 12:35
Joo!BB - Master
Administrator
Posts: 784


by Hennepdesk on 09/09/2008 16:08
Post Re: Joo!BB 0.7.0 Blind SQL Injection

Hello Robbie,

I thought I reported this injection some time back.
Is it solved now?

Thanks and keep up the good work.

Hennepdesk


Hennepdesk | Joined Board: 03/11/2008 07:26 | Last Visit: 04/08/2009 17:06
Joo!BB - Experienced
Registered
Posts: 58


by freedom on 09/09/2008 18:36
Post Re: Joo!BB 0.7.0 Blind SQL Injection

I think it is not solved, since in my database who that creates set of forums, it occurs automatically!
You can look at a picture of the phpMyAdmin screen:
http://joobb.ru/sql.jpg

p.s. I am sorry for my bad English




by freedom on 09/10/2008 08:08
Post Re: Joo!BB 0.7.0 Blind SQL Injection

Here is what I am talking about: any user can create a message even if not authorized
http://community.sonixsoft.de/index.php?option=com_joobb&view=editpost&layout=joobb



Last Edit on 09/10/2008 08:10


by Robbie on 09/10/2008 10:39
Post Re: Joo!BB 0.7.2 Blind SQL Injection

hi freedom,

this problem is fixed. I will create a new release today. Smile

thx for your report!

kind regards,
robbie



Last Edit on 09/10/2008 10:40


by freedom on 09/10/2008 10:54
Post Re: Joo!BB 0.7.2 Blind SQL Injection

About thanks, I would also like to integrate the JAM PMS component. Can I help you with it?




by Hennepdesk on 09/10/2008 14:35
Post Re: Joo!BB 0.7.2 Blind SQL Injection

Thank you Robbie for quickly updating the code.
Good to see JooBB developing rapidly.

It would be super if JooBB would use JAM.
Also 1.5 native and last weekend a new release of JAM.

Keep it green,

Hennepdesk




by Robbie on 09/11/2008 09:15
Post Re: Joo!BB 0.7.2 Blind SQL Injection

hi freedom,

I'm sorry, but Joo!BB is Freeware, not Open Source. At least until 1.0. Then I will see if it becomes Open Source or still remains Freeware.

I'm about to design an interface to other Joomla Components.

Kind regards,
Robbie




by freedom on 09/11/2008 09:54
Post Re: Joo!BB 0.7.2 Blind SQL Injection

I.e. Joo!BB will subsequently be paid?




by Robbie on 09/11/2008 11:41
Post Re: Joo!BB 0.7.2 Blind SQL Injection

No, I don't think that it will become commercial in any way. Maybe donate software. But we will see. Smile

Sooner or later I would like to cover my costs. Until now I pay everything from my own pocket. Sweating

But I think, I will find a way to cover the costs when Joo!BB becomes a little bit more popular. Maybe advertising... Thinking

hey... I have studied business administration/economic computer science Giggle



Last Edit on 09/14/2008 20:58



Copyright © 2007 - 2012 Joo!BB Project - All rights reserved.