Okay, I got Punk’d.
October 17, 2008 – 01:06
Besides writing great blog posts here I do a lot of other stuff. One of these things is designing websites for small businesses and private consumers. When creating these websites I always try to make them static or fully editable for the end user because I cannot be looking after all these websites on my own. Because of this I make great use of open source projects (like wordpress, the CMS used for this blog) which are free to use and usually have a big community that is able to offer help when needed.
So, what’s the problem? Well, a customer sent me an e-mail asking why I had uploaded Google AdSense banners to his website. He kindly asked me to remove them because of colliding interests. Funny thing is, I thought I had made a mistake, because I had been really busy with another website which included a lot of advertisements of… You guessed it! Google’s AdSense.
But when trying to log in to the administration area of Joomla, for which I have SuperAdmin rights, I was denied entry because username and password did not match. Finally some bells started ringing: somebody had hacked into the website and made some changes.
In phpMyAdmin I was able to see the changes made in the jos_users table. I was no longer able to log in, and mr.Ocel (arybegok@gmail.com (yes, do please spam the f*cker :p)) had made himself SuperAdmin. Lucky for me I had some recent backups of the website files and the SQL database. So after restoring the website I got curious how he did it.
I found out he made use of the exploit in the Ignite Gallery plugin. This hack was recently found and published on the 10th of October. Via SQL injection he was able to grant himself access to the admin area. I’m not sure whether he made the username and MD5 hash visible and cracked the MD5 password (which was not salted), or whether he altered everything with SQL queries through the exploit.
Testing it out for myself I was only able to read the username and MD5 hash; I tried to crack the hash here but had no luck with the three tests I did. Anyway, everybody using Ignite Gallery, be sure to upgrade to version 0.8.3.2.
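The way I actually noticed the break-in was by comparing what phpMyAdmin showed in jos_users against my backup. Below is an added example (my own illustration, not code from the post, from Joomla or from Ignite Gallery) that automates that comparison: it takes a backup export and a current export of jos_users, flags added accounts, changed password hashes, role escalations, and rows whose stored hash is a bare, unsalted MD5. The rows are constructed sample data; the column names follow the jos_users table mentioned above, and the "hash:salt" format it tests for is the one I assume salted Joomla installs use.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample rows standing in for two exports of jos_users:
# the last known-good backup and the table as found after the incident.
def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

BACKUP_ROWS: List[Dict] = [
    {"id": 62, "username": "admin", "email": "owner@example.com",
     "password": _md5("sample-owner-pass"), "usertype": "Super Administrator"},
    {"id": 63, "username": "editor", "email": "editor@example.com",
     "password": _md5("sample-editor-pass"), "usertype": "Editor"},
]

CURRENT_ROWS: List[Dict] = [
    # owner's hash replaced (locked out), editor promoted, new super admin added
    {"id": 62, "username": "admin", "email": "owner@example.com",
     "password": _md5("sample-replaced-pass"), "usertype": "Super Administrator"},
    {"id": 63, "username": "editor", "email": "editor@example.com",
     "password": _md5("sample-editor-pass"), "usertype": "Super Administrator"},
    {"id": 64, "username": "ocel", "email": "attacker@example.invalid",
     "password": _md5("sample-attacker-pass"), "usertype": "Super Administrator"},
]

# A bare 32-hex-char value is an unsalted MD5 digest. Salted Joomla installs
# store "<md5hex>:<salt>" instead (assumed format), which this pattern rejects.
UNSALTED_MD5 = re.compile(r"^[0-9a-f]{32}$")


def is_unsalted_md5(stored: str) -> bool:
    """True when the stored password field is a bare MD5 digest (no salt)."""
    return bool(UNSALTED_MD5.match(stored))


def audit_users(backup: List[Dict], current: List[Dict]) -> List[str]:
    """Diff two jos_users exports and return human-readable findings."""
    findings: List[str] = []
    old = {r["id"]: r for r in backup}
    new = {r["id"]: r for r in current}

    for uid, row in new.items():
        prev = old.get(uid)
        if prev is None:
            findings.append(f"NEW account id={uid} username={row['username']} "
                            f"usertype={row['usertype']}")
            continue
        if row["password"] != prev["password"]:
            findings.append(f"PASSWORD changed id={uid} username={row['username']}")
        if row["usertype"] != prev["usertype"]:
            findings.append(f"ROLE changed id={uid} username={row['username']}: "
                            f"{prev['usertype']} -> {row['usertype']}")
        if row["email"] != prev["email"]:
            findings.append(f"EMAIL changed id={uid} username={row['username']}")

    for uid in old.keys() - new.keys():
        findings.append(f"DELETED account id={uid} username={old[uid]['username']}")

    # Separate hygiene check: unsalted hashes are a weakness regardless of the diff.
    for row in current:
        if is_unsalted_md5(row["password"]):
            findings.append(f"WEAK hash id={row['id']} username={row['username']}: "
                            f"unsalted MD5")
    return findings


if __name__ == "__main__":
    for line in audit_users(BACKUP_ROWS, CURRENT_ROWS):
        print(line)
```

In practice the two inputs would come from `mysqldump` of the backup and of the live database; the point is that every super-administrator row and every hash change should be explainable by you, and anything else is the kind of change I found here.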