NYCPHP Meetup

NYPHP.org

[joomla] Tutorial on using SVN in web development

Herb Tucker htucker at covenanttek.com
Thu Mar 11 08:06:40 EST 2010 

Hi All,
Ran across this tutorial on using SVN in web development and found it to be
helpful.
http://f6design.com/journal/2009/12/23/subversion-for-web-development-part-1
/ 
Cheers!
Herb

Herbert M. Tucker
Principal
Covenant Technical Services, Inc.
P: 732-497-0326
C: 848-218-9172
F: 732-497-0326
E: htucker at covenanttek.com
W: www.covenanttek.com


____________________________________________________________________________
____________________________________________________________________________
______

This electronic message transmission contains information from Covenant
Technical Services, Inc. which may be confidential or privileged. Recipients
should not file copies of this e-mail with publicly accessible records. The
information is intended to be for the use of the individual(s) named above.
If you are not the intended recipient, please be aware that any disclosure,
copying, distribution or use of the contents of this message is prohibited. 

If you have received this electronic transmission in error, please notify us
by electronic mail immediately and delete this email from your system. 

Thank you.


-----Original Message-----
From: joomla-bounces at lists.nyphp.org [mailto:joomla-bounces at lists.nyphp.org]
On Behalf Of joomla-request at lists.nyphp.org
Sent: Tuesday, March 09, 2010 12:00 PM
To: joomla at lists.nyphp.org
Subject: joomla Digest, Vol 39, Issue 8

Send joomla mailing list submissions to
	joomla at lists.nyphp.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.nyphp.org/mailman/listinfo/joomla
or, via email, send a message with subject or body 'help' to
	joomla-request at lists.nyphp.org

You can reach the person managing the list at
	joomla-owner at lists.nyphp.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of joomla digest..."


Today's Topics:

   1. Probe via search module? (Web Project)
   2. Re: Probe via search module? (Chris TheEnd)
   3. Re: Probe via search module? (Gary Mort)
   4. Re: Probe via search module? (Mitch Pirtle)


----------------------------------------------------------------------

Message: 1
Date: Mon, 8 Mar 2010 20:22:21 -0800 (PST)
From: Web Project <web at kluger.com>
To: joomla at lists.nyphp.org
Subject: [joomla] Probe via search module?
Message-ID: <230670.13295.qm at web30805.mail.mud.yahoo.com>
Content-Type: text/plain; charset="us-ascii"

Hi,


My log watch detected the following request on my Joomla site. --

    index.php?module=search&q=./../../../../../../../../etc/passwd

Is this sort of thing a known exploit?

Anyone know if it has been fixed or not?

Thanks,

Larry
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nyphp.org/pipermail/joomla/attachments/20100308/11faadae/attac
hment-0001.html>

------------------------------

Message: 2
Date: Mon, 8 Mar 2010 22:52:59 -0600
From: Chris TheEnd <chris at theendrecords.com>
To: "NYPHP SIG: Joomla" <joomla at lists.nyphp.org>
Subject: Re: [joomla] Probe via search module?
Message-ID: <B75A4215-370D-47E8-8AA7-EA5351CE992F at theendrecords.com>
Content-Type: text/plain; charset="us-ascii"

http://packetstormsecurity.org/1002-exploits/javapont-lfi.txt

the type of attack is very standard

it is called local file inclusion,

Local File Inclusion - joomla
http://www.google.com/search?hl=en&client=firefox-a&hs=Fxr&rls=org.mozilla%3
Aen-US%3Aofficial&q=Local+File+Inclusion+-+joomla&aq=f&aqi=&aql=&oq=



On Mar 8, 2010, at 11:22 PM, Web Project wrote:

index.php?module=search&q=./../../../../../../../../etc/passwd

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nyphp.org/pipermail/joomla/attachments/20100308/f4a45aef/attac
hment-0001.html>

------------------------------

Message: 3
Date: Tue, 9 Mar 2010 00:43:56 -0500
From: Gary Mort <garyamort at gmail.com>
To: "NYPHP SIG: Joomla" <joomla at lists.nyphp.org>
Subject: Re: [joomla] Probe via search module?
Message-ID:
	<4bffc351003082143xd69969ep8c96857d1dfc94c0 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On Mon, Mar 8, 2010 at 11:22 PM, Web Project <web at kluger.com> wrote:

> Hi,
>
> My log watch detected the following request on my Joomla site. --
>
>     index.php?module=search&q=./../../../../../../../../etc/passwd
>
> Is this sort of thing a known exploit?
>

That is not even a joomla function.

Joomla functions would be options=com_something&task=sometask&q=something

It's more likely an exploit for some other set of PHP code and their just
scanning every website for it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nyphp.org/pipermail/joomla/attachments/20100309/0f7866dd/attac
hment-0001.html>

------------------------------

Message: 4
Date: Tue, 9 Mar 2010 08:21:17 -0500
From: Mitch Pirtle <mitch.pirtle at gmail.com>
To: "NYPHP SIG: Joomla" <joomla at lists.nyphp.org>
Subject: Re: [joomla] Probe via search module?
Message-ID:
	<330532b61003090521m2a9f786dy2f852cfbaf7d299a at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

That is a VERY old issue from the PHP4 days... This script kiddie
should point their script over at Karjackistan or some such place
where everyone is still rocking Windows for Workgroups. Gah.

-- Mitch

On Tue, Mar 9, 2010 at 12:43 AM, Gary Mort <garyamort at gmail.com> wrote:
>
>
> On Mon, Mar 8, 2010 at 11:22 PM, Web Project <web at kluger.com> wrote:
>>
>> Hi,
>>
>> My log watch detected the following request on my Joomla site. --
>>
>> ??? index.php?module=search&q=./../../../../../../../../etc/passwd
>>
>> Is this sort of thing a known exploit?
>
> That is not even a joomla function.
> Joomla functions would be options=com_something&task=sometask&q=something
> It's more likely an exploit for some other set of PHP code and their just
> scanning every website for it.
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


------------------------------

_______________________________________________
joomla mailing list
joomla at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/joomla

End of joomla Digest, Vol 39, Issue 8
*************************************

More information about the Joomla mailing list