MySQL
kmaroff, 2015-03-20 12:58:33

How to overcome SQL injection on Joomla 2.5?

Hello. Please help me defeat the insertion of an external link into the site through SQL injection, or rather, help me track down the malicious code, or suggest a sequence of steps to shut this down and protect against this kind of hacking.
CMS: Joomla 2.5
The table in the database where the link is inserted is known, and the link itself is known. When I delete the rows from the table, they immediately reappear. I understand that simply changing the account passwords will not help. How do I track down the code that pushes its links into the database? How do I block this path, or capture the rogue SQL queries?


4 answer(s)
Andrey Popov, 2015-03-20
@Nord001

To begin with, I would advise you to check whether the web server has logging enabled for the access and error logs. If it is enabled and you know the approximate time the injection was applied, study them.
Most likely you will find the script that has the hole. Then it is a small matter of patching it. But this way you can only cover the holes that were actually used and that you noticed.
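
As an added example (not part of Andrey's answer, and not Joomla code), here is a small Python script that does the log study he describes: it parses access log lines in the Apache/Nginx "combined" format, URL-decodes the request path (including double encoding), flags requests that match common SQL injection signatures, optionally restricts the search to the time window you know, and groups the hits by script and Joomla `option=` component so the attacked extension stands out. The log lines, the IP addresses and the component name com_example are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus

# Constructed sample access log (Apache/Nginx "combined" format). Not real traffic:
# the IPs are documentation addresses and com_example is a made-up Joomla component.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [20/Mar/2015:12:41:02 +0300] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Mar/2015:12:41:09 +0300] "GET /index.php?option=com_example&id=12%27%20UNION%20SELECT%201,2,3--%20 HTTP/1.1" 200 9044 "-" "Mozilla/5.0"
198.51.100.9 - - [20/Mar/2015:12:42:30 +0300] "GET /images/banner.png HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Mar/2015:12:43:15 +0300] "POST /index.php?option=com_example&task=save HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Mar/2015:12:43:41 +0300] "GET /index.php?option=com_example&id=12%20AND%20(SELECT%20SLEEP(5))-- HTTP/1.1" 200 9044 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
APACHE_TIME = "%d/%b/%Y:%H:%M:%S %z"

# Signatures of common SQL injection probes, applied to the *decoded* request path.
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"union\s+(all\s+)?select",
    r"\b(sleep|benchmark)\s*\(",
    r"'\s*(or|and)\s+\S+\s*=\s*\S+",
    r"information_schema",
    r"\binto\s+(out|dump)file\b",
    r"--\s|--$|/\*",
)]


def apache_time(text):
    """Parse the 20/Mar/2015:12:41:02 +0300 timestamp (brackets already stripped)."""
    return datetime.strptime(text, APACHE_TIME)


def decode_path(path):
    """URL-decode repeatedly so double-encoded payloads (%2527 -> %27 -> ') are caught too."""
    for _ in range(3):
        decoded = unquote_plus(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_sqli_hits(log_text, start=None, end=None):
    """Return (ip, time, script, decoded_path) for each request inside [start, end]
    whose decoded path matches one of the signatures."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        when = apache_time(m.group("time"))
        if (start and when < start) or (end and when > end):
            continue
        decoded = decode_path(m.group("path"))
        if any(p.search(decoded) for p in SQLI_PATTERNS):
            hits.append((m.group("ip"), when, decoded.split("?", 1)[0], decoded))
    return hits


def group_by_component(hits):
    """Count hits per (script, option=...) so the attacked extension stands out."""
    counts = defaultdict(int)
    for _ip, _when, script, decoded in hits:
        opt = re.search(r"option=([A-Za-z0-9_]+)", decoded)
        counts[(script, opt.group(1) if opt else "-")] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = find_sqli_hits(SAMPLE_ACCESS_LOG)
    for ip, when, _script, decoded in hits:
        print(f"{when:%Y-%m-%d %H:%M:%S} {ip} {decoded}")
    for (script, option), n in group_by_component(hits).items():
        print(f"{n:3d} hits  {script}  option={option}")
```

On the constructed sample this reports two probes from the same address, both aimed at com_example, which is the extension to go and read. Keep the caveat from the answer in mind: POST bodies are not in the access log, so an injection sent in a form field leaves only the request line and its timestamp, and you correlate that with the database side.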

Sergey Shchuchkin, 2015-03-20
@shuchkin

Crude interception

// libraries/joomla/database/driver/mysqli.php
// add after line 559: $this->cursor = @mysqli_query($this->connection, $query);

// Crude hook: if the executed query text contains the injected link, e-mail the
// PHP call stack so you can see which script/extension issued the query.
if (strpos($query, 'WWW.ZLOVRED') !== false) { // replace with your own link
  mail('debug-address@example.com', 'Hack!', print_r(debug_backtrace(), true));
}

* I haven't tried it myself.
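
As an added example (not part of Sergey's answer and not his hook), the same idea from the database side: instead of patching the Joomla driver, enable MySQL's general query log for a short time while the link reappears, then parse it with Python for write statements against the known table that contain the known link. Unlike the PHP hook, this also catches writes that bypass Joomla entirely (a separate backdoor script, a cron job, or a direct connection using the stolen DB credentials), and the connection's Connect line tells you which database account was used. The log excerpt below is constructed in the MySQL 5.6-style general log format; the table jos_content, the link WWW.ZLOVRED.example and the user joomla@localhost are assumptions.

```python
import re

# Constructed excerpt of a MySQL 5.6-style general query log (not real data).
# Enable the log briefly on the server and turn it off again afterwards:
#   SET GLOBAL general_log_file = '/var/log/mysql/general.log';
#   SET GLOBAL general_log = 'ON';   -- wait for the link to reappear, then 'OFF'
# In this format the time is printed only when it changes; later lines in the same
# second start with tabs, and a long statement may continue on following lines.
SAMPLE_GENERAL_LOG = (
    "/usr/sbin/mysqld, Version: 5.6.23-log (MySQL Community Server (GPL)). started with:\n"
    "Tcp port: 3306  Unix socket: /var/run/mysqld/mysqld.sock\n"
    "Time                 Id Command    Argument\n"
    "150320 12:58:31\t    5 Connect\tjoomla@localhost on joomla_db\n"
    "\t\t    5 Query\tSELECT * FROM jos_content WHERE id = 12\n"
    "150320 12:58:33\t    5 Query\tUPDATE jos_content SET introtext = CONCAT(introtext,\n"
    "'<a href=\"http://WWW.ZLOVRED.example/\">x</a>') WHERE id = 12\n"
    "\t\t    5 Quit\t\n"
    "150320 12:58:40\t    6 Connect\tjoomla@localhost on joomla_db\n"
    "\t\t    6 Query\tSELECT id, title FROM jos_content WHERE state = 1\n"
    "\t\t    6 Quit\t\n"
)

# One log entry: optional "YYMMDD HH:MM:SS", whitespace, connection id, command, argument.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{6} {1,2}\d{1,2}:\d{2}:\d{2})?\s+(?P<id>\d+) "
    r"(?P<cmd>[A-Za-z]+(?: [A-Za-z]+)?)\t?(?P<arg>.*)$"
)
WRITE_RE = re.compile(r"^\s*(INSERT|UPDATE|REPLACE|DELETE)\b", re.IGNORECASE)


def parse_general_log(text):
    """Return a list of {time, id, cmd, arg}. Carries the last seen time forward and
    glues continuation lines of multi-line statements onto the previous entry."""
    entries, last_time = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            last_time = m.group("time") or last_time
            entries.append({"time": last_time, "id": int(m.group("id")),
                            "cmd": m.group("cmd"), "arg": m.group("arg")})
        elif entries:
            entries[-1]["arg"] += "\n" + line  # continuation of a multi-line statement
    return entries


def find_rogue_writes(entries, table, marker):
    """Write statements against `table` whose text contains `marker` (the injected link),
    annotated with the user@host of the connection that issued them."""
    connections, hits = {}, []
    table_re = re.compile(r"\b" + re.escape(table) + r"\b", re.IGNORECASE)
    for e in entries:
        if e["cmd"] == "Connect":
            connections[e["id"]] = e["arg"]
        elif e["cmd"] == "Query" and WRITE_RE.match(e["arg"]):
            if table_re.search(e["arg"]) and marker.lower() in e["arg"].lower():
                hits.append({"time": e["time"], "id": e["id"],
                             "user": connections.get(e["id"], "?"), "sql": e["arg"]})
    return hits


def statements_on_connection(entries, conn_id):
    """Everything the same connection did: the SELECTs around the rogue write
    usually identify the Joomla component (or foreign script) that ran."""
    return [e for e in entries if e["id"] == conn_id]


if __name__ == "__main__":
    entries = parse_general_log(SAMPLE_GENERAL_LOG)
    for hit in find_rogue_writes(entries, "jos_content", "www.zlovred"):
        print(f"{hit['time']}  conn {hit['id']}  {hit['user']}")
        print("  " + hit["sql"].replace("\n", "\n  "))
        for e in statements_on_connection(entries, hit["id"]):
            first = e["arg"].splitlines()[0] if e["arg"] else ""
            print(f"    {e['time']}  {e['cmd']:<8} {first}")
```

The timestamp of the rogue write is then matched against the web server access log for the request that arrived in the same second; if there is none, the write did not come through the web server at all, which points at a backdoor or cron job rather than a Joomla extension. The general log records every statement and grows quickly, so enable it only for as long as it takes the link to reappear.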

Igor Vorotnev, 2015-03-20
@HeadOnFire

Stop using Joomla 2.5 altogether, or at least the module in which this happens (if it is not part of the system core).

Evgeny Kumanin, 2015-03-21
@jackkum

Where did you download the Joomla installation package from?
Have you installed any extensions?
Maybe there is a backdoor on the server?
And so on.
Sergey Shchuchkin's suggestion is a good way to identify the malware.
