Joomla: A Bug In Joomla 1.5.7 !!!

Tags: gmail authentication | joomla | joomla plugin

Thursday, 09 October 2008 14:38

Sites using Joomla's built-in Gmail Authentication Plugin, be alert! Admin or moderator accounts on those sites can be stolen by other members through that plugin. We just found out that there is a security hole in Joomla 1.5.7's Gmail Authentication Plugin.

Here's the scenario...

Let's say, we have a Joomla site with a super admin called BigBoss and his password is Joomla.

Then we enable the Gmail Authentication Plugin.

Unfortunately, a Gmail user whose account ID is also BigBoss (@gmail.com) comes and accesses our Joomla site.

Though they have the same ID, their passwords are different. Let the Gmail user's password be Gmail.

 

Okie... Here comes the interesting part,

 

What will happen if a user uses ID/PW as BigBoss/Joomla...?

Yah... Simple... He will be authenticated as a super admin.

 

What if he uses BigBoss@gmail.com/Gmail...?

Another straight-forward answer, he will be authenticated as a normal user...

 

Again, what will happen, if he uses BigBoss/Gmail...?

By right, he should be authenticated as a normal user...

But, in reality, Joomla lets him login as a super admin!!!


Nov 20, 2008: Don't worry! I already fixed the script so that it will correctly detect whether the user is a joomla user or a gmail user.

Please proceed to my tutorial post to find out the solution!
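The three login cases above, modelled as an added example (this is not Joomla's code and not the author's fix). It assumes the flaw is that the login step looks the account up by the typed ID without recording which backend verified the password; every name and value below is constructed.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    username: str
    role: str
    provider: str  # backend that is allowed to vouch for this account

# Constructed sample data mirroring the article's scenario (plaintext only for the demo).
LOCAL_PASSWORDS = {"BigBoss": "Joomla"}
GMAIL_PASSWORDS = {"BigBoss@gmail.com": "Gmail"}  # stands in for Google's own check
ACCOUNTS = [Account("BigBoss", "super admin", "local")]

def _matches(store, key, password):
    expected = store.get(key)
    return expected is not None and hmac.compare_digest(expected, password)

def authenticate(user_id, password):
    """Try each backend in turn; return (provider, verified identity) or None."""
    if _matches(LOCAL_PASSWORDS, user_id, password):
        return ("local", user_id)
    address = user_id if "@" in user_id else user_id + "@gmail.com"
    if _matches(GMAIL_PASSWORDS, address, password):
        return ("gmail", address)
    return None

def login_vulnerable(user_id, password):
    """Flaw: forgets which backend vouched and looks the account up by typed ID."""
    if authenticate(user_id, password) is None:
        return None
    for account in ACCOUNTS:
        if account.username == user_id:
            return account
    return Account(user_id, "normal user", "gmail")

def login_fixed(user_id, password):
    """Return an existing account only if the vouching backend is the one it is bound to."""
    verified = authenticate(user_id, password)
    if verified is None:
        return None
    provider, identity = verified
    for account in ACCOUNTS:
        if (account.provider, account.username) == (provider, identity):
            return account
    return Account(identity, "normal user", provider)

if __name__ == "__main__":
    for uid, pw in [("BigBoss", "Joomla"), ("BigBoss@gmail.com", "Gmail"), ("BigBoss", "Gmail")]:
        print(uid, pw, "|", login_vulnerable(uid, pw).role, "|", login_fixed(uid, pw).role)
```

Keying the lookup on the pair (provider, identity) is what keeps a Gmail-verified BigBoss from ever resolving to the locally created BigBoss.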

 
