nino blog
 
Thursday, November 23, 2006
Minimalis serangan di Component Joomla
Percaya atau tidak.. cms joomla ternyata banyak segudang kelemahan.. upps... tapi bukan cms-nya tetapi commponent-nya.. :P salah satu contoh metode yg digunakan oleh component.. Dan terdapat di dalam script component tersebut... yaitu..

include_once($mosConfig_absolute_path."/components/com_galleria/galleria.html.php"); include_once($mosConfig_absolute_path."/components/com_galleria/config.galleria.php");

penjelasan tentang include_once

The include_once() statement includes and evaluates the specified file during the execution of the script. This is a behavior similar to the include() statement, with the only difference being that if the code from a file has already been included, it will not be included again. As the name suggests, it will be included just once. sumber : php.net

So.. yang harus kamu lakuin untuk mengatasi ini adalah..

register_globals dan allow_fopenurl dibikin OFF

itu yg saya lakukan.. setelah situs terkena hack.. dan untuk joomla saya gunakan ver 1.0.11 dan sampe sekarang setelah saya hubungi orang yg menghack situs tersebut, alhamdulillah aman2 aja...

ini situs yg di hack :
http://mercubuana-it.org
posted by qnoyyy @ 11:22 pm  
0 Comments:
Post a Comment
<< Home
 
About Me

Name: Nino
Home: Indonesia
About Me:
See my complete profile
Search This Blog
Google
 
Web This Blog
Previous Post
Archives
Shoutbox

Name :
Web URL :
Message :
:) :( :D :p :(( :)) :x

Links
Forum Links
Blog's Friends
Powered by

Free Blogger Templates

BLOGGER

View My Public Stats on MyBlogLog.com

Indonesian Muslim Blogger



Mortgage

© nino blog . template by isnaini dot com