ArtioSEF Hacks Joomla! MetaData in Shameless Self-Promotion Scandal

April 14, 2008 by shadyjoomlabuffoonery

It has been brought to our attention that ArtioSEF hacks Joomla’s Generator metadata, shamelessly appending links to generate self-promotion and advertising revenue.

This is exactly the kind of Shady Buffoonery that we seek to expose.

This is achieved by the following line of code on line 415 of administrator/components/com_sef/sef.class.php:

eval(base64_decode('JHNlZkRpckFkbWluID0gJEdMT0JBTFNbJ21vc0NvbmZpZ19hYnNvbHV0ZV9wYXRoJ10uJy9hZG1pbmlzdHJhdG9yL2NvbXBvbmVudHMvY29tX3NlZi8nOwovLyBsb2FkIGNoZWNrc3VtcwokbGljZW5zZSAgPSB0cmltKEBmaWxlX2dldF9jb250ZW50cygkc2VmRGlyQWRtaW4uJ3NpZ25hdHVyZS5iNjQnKSk7CiRjaGVja3N1bSA9IHRyaW0oQGZpbGVfZ2V0X2NvbnRlbnRzKCRzZWZEaXJBZG1pbi4nY2hlY2tzdW0ubWQ1JykpOwokY2hlY2tzdHIgPSAnJzsKZ2xvYmFsICRzZWZDaGVja0E7CiRzZWZDaGVja0FbM10gPSAkc2VmQ2hlY2tBWzJdID0gJHNlZkNoZWNrQVsxXSA9ICRzZWZDaGVja0FbMF0gPSAnJzsKJHNlZkNoZWNrQSA9IGV4cGxvZGUoJy0nLCAkbGljZW5zZSk7CmZvcmVhY2ggKCRzZWZDaGVja0EgYXMgJGlkID0+ICRjaGVja3BhcnQpIHsKJHNlZkNoZWNrQVskaWRdID0gYmFzZTY0X2RlY29kZSgkY2hlY2twYXJ0KTsKJGNoZWNrc3RyIC49ICRzZWZDaGVja0FbJGlkXTsKfQ0gICAgICAgICR0aGlzLT5lbmFibGVkICY9ICgkY2hlY2tzdW0gPT0gbWQ1KCRjaGVja3N0cikpOwpmdW5jdGlvbiB4bWxQYXJzaW5nKCRwYXRoLCAkYmFzZSwgJGluZGV4LCAkb3B0aW9uKQp7Cmdsb2JhbCAkX1ZFUlNJT04sICRzZWZDaGVja0E7CmlmICgoJHBhdGggPT0gJGJhc2UpCnx8ICgkcGF0aCA9PSAoJGJhc2UuJGluZGV4KSkKfHwgKEAkb3B0aW9uID09ICdjb21fZnJvbnRwYWdlJykpIHsKLy8gZnJvbnRwYWdlIGNvZGUKJF9WRVJTSU9OLT5VUkwgLj0gJHNlZkNoZWNrQVswXTsKJF9WRVJTSU9OLT5DT1BZUklHSFQgLj0gJHNlZkNoZWNrQVsxXTsKfQplbHNlIHsKLy8gb3RoZXIgcGFnZSBjb2RlCiRfVkVSU0lPTi0+VVJMIC49ICRzZWZDaGVja0FbMl07CiRfVkVSU0lPTi0+Q09QWVJJR0hUIC49ICRzZWZDaGVja0FbM107Cn0KfQpmdW5jdGlvbiBpbmNsdWRlU2VmKCRvbmNlID0gZmFsc2UpCnsKZ2xvYmFsICRtb3NDb25maWdfYWJzb2x1dGVfcGF0aCwgJHNlZkNoZWNrQTsKc3RhdGljICRmaXJzdCA9IHRydWU7CmlmKCAkb25jZSAmJiAhJGZpcnN0ICkgIHJldHVybjsKJHR4dCA9IGZpbGVfZ2V0X2NvbnRlbnRzKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcpOwppZihzdWJzdHIoJHR4dCwgMCwgNSkgIT0gJzw/cGhwJykgewokdHh0ID0gYmFzZTY0X2VuY29kZSgkdHh0KTsKJHR4dCA9ICRzZWZDaGVja0FbNF0uJHR4dDsKJGRldHh0ID0gYmFzZTY0X2RlY29kZSgkdHh0KTsKJGRldHh0ID0gc3Vic3RyKCRkZXR4dCwgMiwgLTIpOwpldmFsKCRkZXR4dCk7Cn0gZWxzZSB7CmlmKCAkb25jZSApIHsKaW5jbHVkZV9vbmNlKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcpOwp9IGVsc2UgewppbmNsdWRlKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcp
Owp9Cn0KJGZpcnN0ID0gZmFsc2U7Cn0='));

To fix, replace this evil line of code with the following:

        function xmlParsing($path, $base, $index, $option) {
            return;
        }

        function includeSef($once = false) {
            global $mosConfig_absolute_path, $sefCheckA;
            static $first = true;
            if( $once && !$first )  return;
            if( $once ) {
                include_once($mosConfig_absolute_path.'/components/com_sef/sef_ext.php');
            } else {
                include($mosConfig_absolute_path.'/components/com_sef/sef_ext.php');
            }
            $first = false;
        }
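
An added example, not part of the original post or of ArtioSEF's code: a Python sketch for auditing an extension for the pattern shown above. It locates eval(base64_decode(...)) calls in PHP source and decodes them for review without executing anything, tolerating blobs wrapped across lines. The sample PHP file, the hidden payload in it and the flagged-token list are constructed for illustration.

```python
import base64
import binascii
import re

# eval(base64_decode('...')) with either quote style. The literal may contain
# line breaks: PHP's non-strict base64_decode() skips them, so we must too.
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)",
    re.IGNORECASE,
)

# Assumed review list: tokens in a decoded payload worth a closer look.
SUSPICIOUS = ("eval(", "base64_decode(", "file_get_contents(", "include(", "$_VERSION")


def find_hidden_payloads(php_source):
    """Decode (never execute) every eval(base64_decode()) literal in the source."""
    findings = []
    for m in EVAL_B64.finditer(php_source):
        blob = re.sub(r"\s+", "", m.group(2))
        try:
            decoded = base64.b64decode(blob).decode("utf-8", errors="replace")
        except binascii.Error:
            decoded = None  # malformed literal: report it, leave it undecoded
        findings.append({
            "line": php_source.count("\n", 0, m.start()) + 1,
            "decoded": decoded,
            "flags": [t for t in SUSPICIOUS if decoded and t in decoded],
        })
    return findings


# Constructed sample: a short hidden payload, encoded here and wrapped across
# two lines the way the blob in the post is.
HIDDEN = "$_VERSION->URL .= $sefCheckA[0];\neval($detxt);"
_b64 = base64.b64encode(HIDDEN.encode()).decode()
SAMPLE_PHP = (
    "<?php\nclass SEFConfig {\n    function check() {\n"
    "        eval(base64_decode('" + _b64[:20] + "\n" + _b64[20:] + "'));\n"
    "    }\n}\n"
)

if __name__ == "__main__":
    for f in find_hidden_payloads(SAMPLE_PHP):
        print("line %d, flags %s" % (f["line"], f["flags"]))
        print(f["decoded"])
```

A nested "eval(" flag in the decoded text means the payload itself evaluates further code, so the decoded output needs the same review.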