Joomla Vulnerabilities - XSS injection


Ever wonder what the heck an XSS injection vulnerability IS?
(not that one should really care to KNOW, but it doesn't hurt to begin thinking more securely - any OS, any app, and ANY DEVICE!)

Recently, Joomla announced an upgrade just for an XSS injection. They never fully disclose the specifics, as that might be self-defeating.
They do rate the vulnerability … this last one was 'medium', which gives you some clue as to how important it is and helps you determine IF this is something to change your priority list over or not.
(Uhhh, my best advice … medium or NOT, just do it!)

Here's a site that will help with understanding XSS Injections:
http://www.testingsecurity.com/how-to-test/injection-vulnerabilities/XSS-Injection

They even provide information on a SAFE way for you to test! ;)
[IF a site offers a 'free' site check, should you use it? OR is that 'free' site letting you collect vulnerable targets for them?]

Ok, let's say you do run a Joomla. What's the quickest, EASIEST way to update a Joomla?
Answer: install the update manager component.

You CAN do it from your Admin backend:
Extensions
Install/Uninstall
Install from URL: enter
http://www.k12os-foss.net/jinstalls/com_jupdateman_151.tgz
as the location of the component to install.
Click "install"

The component will then display under the Components menu as 'update manager'.
It's simple to use. Just one piece of advice … BACKUP your site first
(always a good practice).
AND … rather than doing a full update, use the patch update option.
It's faster, and gets only the core code that needs fixing!

Truth in Advertising … the above is known to work on Linux flavored boxen.
Good chance that a MacOSX server can do it too. Windows - unknown.
Since the package is a .tgz, your mileage might vary.

When in doubt, DON'T on your production site.  Step through the process on a 'sandbox' Joomla installation to test FIRST!
