Book Image

Joomla! Web Security

Book Image

Joomla! Web Security

Overview of this book

Table of Contents (16 chapters)
Joomla! Web Security
Credits
About the Author
About the Reviewer
Preface

SQL Injections


SQL databases are the heart of your Joomla! CMS. The database holds the content, the users' IDs, the settings, and more. To gain access to this valuable resource is the ultimate prize of the hacker. Accessing this can gain him/her an administrative access that can gather private information such as usernames and passwords, and can allow any number of bad things to happen.

When you make a request of a page on Joomla!, it forms a "query" or a question for the database. The database is unsuspecting that you may be asking a malformed question and will attempt to process whatever the query is.

Often, the developers do not construct their code to watch for this type of an attack. In fact, in the month of February 2008, twenty-one new SQL Injection vulnerabilities were discovered in the Joomla! land.

The following are some examples presented for your edification. Using any of these for any purpose is solely your responsibility and not mine:

Example 1

index.php?option=com_****&Itemid...