We use Joomla for our company website, which hacked and defaced yesterday morning using a trivial SQL injection in a malformed URL. Now our website advertises viagra...
Found the malformed URL in the logs and went to joomla website and forums and could not find _anything_ relating to this 'exploit', No fix, nada, nothing.
I could fix it, it is open source after all, but instead I ripped out the whole joomla install and replaced it with a static version of the site.
Did a google search on the malformed URL and found a (russian) forum with detailed instructions on how to get admin access to Joomla sites, including ready made perl scripts to do all the work for you....
and an additional malformed URL which I had not seen used on our site that will display the contents of any file in /etc/ in the browser. Tried it on our server...and yup, that works. Again no mention of exploit or fix on joomla website.
Goooodby Joomla. Hope we never meet again.
