Auto generation of URL Problem Joom sef - help me
Support forum for users using free edition of JoomSEF 3 (Joomla 1.5 compatible). These forums are mainly for mutual help between users.

Please note that due to our capacity limitations, we do not monitor these forums regularly.

Auto generation of URL Problem Joom sef - help me 16 years ago #5216

Hi everyone!

It is not a good day for me; someone hacked my site using JoomSEF.

I will explain what happened.
Someone has appended this code

index.php?option=com_content&\';DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686
172283430303029204445434C415245205461626C655F437572736F7220435552534F522046
4F522073656C65637420612E6E616D652C622E6E616D652&Itemid=47


to the existing URL in the address bar, so JoomSEF created a SEF URL for this junk for Item id 47. Say Item id 47 is the contact us page; now it will be generated as /contactus2.html. Likewise, I have more than 6000 URLs that got generated, so my site is dead slow. Can someone tell me what I am supposed to do?

Technical Details:

ARTIO JoomSEF v2.2.6
Joomla 1.0X

Is this problem solved in the higher version? Please help me.

Thanks in advance
-Ram
Last Edit: 16 years ago by ramchandev. Reason: make it neat

Re:Auto generation of URL Problem Joom sef - help me 16 years ago #5304

  • miun
Hello,

This should be no security threat, though. We will implement protection from this in the next release.
Meanwhile, just clean up your URLs database using the URL editor (or by purging stored URLs, as they will be regenerated by JoomSEF).
ARTIO Support Team

Re:Auto generation of URL Problem Joom sef - help me 16 years ago #5309

Thank you so much!

I am waiting for your next release. Anyhow, I found a way to stop the junk URL creation, even though it is not the right way.

-Ram

Re:Auto generation of URL Problem Joom sef - help me 16 years ago #5310

Thank you so much!

I am waiting for your next release. Anyhow, I found a way to stop the junk URL creation.
Hello ARTIO Support Team,

I took this solution from John,
and it is working well. Tell me if this is OK!

I worked around the code and have come up with a solution. Please let us know if this is OK.

####################################################
Here is the issue:
#####################################################
The redirection table generated a few junk URLs like

1. index.php?option=com_content&id=www.boomerbible.com/instapunk/MType/arch...k=view&Itemid=26
2. index.php?option=com_content&\';DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652

#####################################################
Here is the Solution:
#####################################################

JoomSEF rewrites every Joomla URL to a SEF URL; our plan is to block the creation of SEF URLs if a Joomla URL contains a special character.

For example, in the URL below, "http:" and "www." are the special characters
"index.php?option=com_content&id=www.psikolojikyardim.org/etkinlik/includ...&Itemid=26"


Here are the few special characters that we will be checking for
1. http:
2. @
3. ' (single quotes)
4. charset

Please let me know if this is a valid solution
#####################################################

Code snippet of sef_ext.php (at line number 772)
#######################################################
// If 404 exists, rewrite it to the new URL
if (!is_null($id)) {
    $sqlId = ((isset($Itemid) && $Itemid != '') ? ", `Itemid` = '$Itemid'" : '');
    $query = "UPDATE #__redirection SET `newurl` = '".mysql_escape_string(urldecode($url))."'$sqlId WHERE `id` = '$id'";
    $database->setQuery($query);

    // If error occurred.
    if (!$database->query()) var_dump($query);
}
// Save it in the database as new record
else {
    $col = $val = '';
    if (isset($Itemid) && ($Itemid != '')) {
        $col = ', Itemid';
        $val = ", '$Itemid'";
    }
    // WSX - START of the hack code
    $wsx_Joomla_new_url = mysql_escape_string(urldecode($url));

    $wsx_junk_keywords = array("www.", "(", "@", "CHAR(", "http");

    // 100 = URL looks clean, 1999 = a junk keyword was found
    $wsx_flag = 100;

    foreach ($wsx_junk_keywords as $wsx_junk_temp) {
        // strstr() returns false when the keyword is not in the URL
        if (strstr($wsx_Joomla_new_url, $wsx_junk_temp) !== false) {
            $wsx_flag = 1999;
            break;
        }
    }
    // WSX - END of the hack code

    $query = 'INSERT INTO #__redirection (oldurl, newurl'.$col.') '.
        "VALUES ('".$temploc."', '".mysql_escape_string(urldecode($url))."'$val)";
    // WSX - If the condition is true for junk char in URL, stop inserting the URL into jos_redirection table
    if ($wsx_flag != 1999) {
        $database->setQuery($query);

        // If error occurred. query() runs the most recently set statement,
        // so it must only be called when setQuery() was called just above.
        if (!$database->query()) var_dump($query);
    }
}

#######################################################



I worked with this code and found it is working, thanks to John!
-Ram
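
An allowlist variant of the keyword check from the last post, as an added example that is not part of the original thread or of JoomSEF's code: instead of searching for known-bad strings, it stores a URL only when every query parameter has an expected name and value shape. The function name wsx_is_storable_url() and the allowlist patterns are assumptions.

```php
<?php
// Added example, not JoomSEF code. wsx_is_storable_url() and the allowlist
// below are hypothetical; adjust the patterns to the installed components.
function wsx_is_storable_url($url)
{
    // Assumed allowlist: parameter name => shape its value must have.
    // The D modifier stops "$" from matching before a trailing newline.
    $allowed = array(
        'option' => '/^com_[a-z0-9_]+$/D',
        'task'   => '/^[a-z0-9_.]+$/iD',
        'id'     => '/^[0-9]+$/D',
        'Itemid' => '/^[0-9]+$/D',
    );

    $parts = explode('?', $url, 2);
    if ($parts[0] !== 'index.php' || !isset($parts[1])) {
        return false;
    }

    $seen = array();
    foreach (explode('&', $parts[1]) as $pair) {
        $kv   = explode('=', $pair, 2);
        $name = urldecode($kv[0]);
        // Reject unknown names, repeated names and parameters with no value.
        if (!isset($kv[1]) || !isset($allowed[$name]) || isset($seen[$name])) {
            return false;
        }
        // Reject values that do not have the expected shape.
        if (preg_match($allowed[$name], urldecode($kv[1])) !== 1) {
            return false;
        }
        $seen[$name] = true;
    }
    return isset($seen['option']);
}

// Constructed samples shaped like the URLs in this thread (payload shortened).
$samples = array(
    'index.php?option=com_content&task=view&id=12&Itemid=47',
    'index.php?option=com_content&id=www.example.com/path&task=view&Itemid=26',
    "index.php?option=com_content&\\';DECLARE @S CHAR(4000);SET @S=CAST(0x00&Itemid=47",
);
foreach ($samples as $sample) {
    echo (wsx_is_storable_url($sample) ? 'store ' : 'skip  ') . $sample . "\n";
}
```

In the snippet from the post, a call to this function on the decoded URL would take the place of the keyword loop that sets $wsx_flag.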