ArtioSEF Hacks Joomla! MetaData in Shameless Self-Promotion Scandal

shadyjoomlabuffoonery — Mon, 14 Apr 2008 14:10:02 +0000

It has been brought to our attention that ArtioSEF hacks Joomla’s Generator metadata, shamelessly appending links to generate self promotion and advertising revenue.

This is exactly the kind of Shady Buffoonery that we seek to expose.

This is achieved by the following line of code on 415 of administrator/components/com_sef/sef.class.php:

eval(base64_decode('JHNlZkRpckFkbWluID0gJEdMT0JBTFNbJ21vc0NvbmZpZ19hYnNvbHV0ZV9wYXRoJ10uJy9hZG1pbmlzdHJhdG9yL2NvbXBvbmVudHMvY29tX3NlZi8nOwovLyBsb2FkIGNoZWNrc3VtcwokbGljZW5zZSAgPSB0cmltKEBmaWxlX2dldF9jb250ZW50cygkc2VmRGlyQWRtaW4uJ3NpZ25hdHVyZS5iNjQnKSk7CiRjaGVja3N1bSA9IHRyaW0oQGZpbGVfZ2V0X2NvbnRlbnRzKCRzZWZEaXJBZG1pbi4nY2hlY2tzdW0ubWQ1JykpOwokY2hlY2tzdHIgPSAnJzsKZ2xvYmFsICRzZWZDaGVja0E7CiRzZWZDaGVja0FbM10gPSAkc2VmQ2hlY2tBWzJdID0gJHNlZkNoZWNrQVsxXSA9ICRzZWZDaGVja0FbMF0gPSAnJzsKJHNlZkNoZWNrQSA9IGV4cGxvZGUoJy0nLCAkbGljZW5zZSk7CmZvcmVhY2ggKCRzZWZDaGVja0EgYXMgJGlkID0+ICRjaGVja3BhcnQpIHsKJHNlZkNoZWNrQVskaWRdID0gYmFzZTY0X2RlY29kZSgkY2hlY2twYXJ0KTsKJGNoZWNrc3RyIC49ICRzZWZDaGVja0FbJGlkXTsKfQ0gICAgICAgICR0aGlzLT5lbmFibGVkICY9ICgkY2hlY2tzdW0gPT0gbWQ1KCRjaGVja3N0cikpOwpmdW5jdGlvbiB4bWxQYXJzaW5nKCRwYXRoLCAkYmFzZSwgJGluZGV4LCAkb3B0aW9uKQp7Cmdsb2JhbCAkX1ZFUlNJT04sICRzZWZDaGVja0E7CmlmICgoJHBhdGggPT0gJGJhc2UpCnx8ICgkcGF0aCA9PSAoJGJhc2UuJGluZGV4KSkKfHwgKEAkb3B0aW9uID09ICdjb21fZnJvbnRwYWdlJykpIHsKLy8gZnJvbnRwYWdlIGNvZGUKJF9WRVJTSU9OLT5VUkwgLj0gJHNlZkNoZWNrQVswXTsKJF9WRVJTSU9OLT5DT1BZUklHSFQgLj0gJHNlZkNoZWNrQVsxXTsKfQplbHNlIHsKLy8gb3RoZXIgcGFnZSBjb2RlCiRfVkVSU0lPTi0+VVJMIC49ICRzZWZDaGVja0FbMl07CiRfVkVSU0lPTi0+Q09QWVJJR0hUIC49ICRzZWZDaGVja0FbM107Cn0KfQpmdW5jdGlvbiBpbmNsdWRlU2VmKCRvbmNlID0gZmFsc2UpCnsKZ2xvYmFsICRtb3NDb25maWdfYWJzb2x1dGVfcGF0aCwgJHNlZkNoZWNrQTsKc3RhdGljICRmaXJzdCA9IHRydWU7CmlmKCAkb25jZSAmJiAhJGZpcnN0ICkgIHJldHVybjsKJHR4dCA9IGZpbGVfZ2V0X2NvbnRlbnRzKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcpOwppZihzdWJzdHIoJHR4dCwgMCwgNSkgIT0gJzw/cGhwJykgewokdHh0ID0gYmFzZTY0X2VuY29kZSgkdHh0KTsKJHR4dCA9ICRzZWZDaGVja0FbNF0uJHR4dDsKJGRldHh0ID0gYmFzZTY0X2RlY29kZSgkdHh0KTsKJGRldHh0ID0gc3Vic3RyKCRkZXR4dCwgMiwgLTIpOwpldmFsKCRkZXR4dCk7Cn0gZWxzZSB7CmlmKCAkb25jZSApIHsKaW5jbHVkZV9vbmNlKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcpOwp9IGVsc2UgewppbmNsdWRlKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcpOwp9Cn0KJGZpcnN0ID0gZmFsc2U7Cn0='));

To fix, replace this evil line of code with the following:

        function xmlParsing($path, $base, $index, $option) {
            return;
        }

        function includeSef($once = false) {
            global $mosConfig_absolute_path, $sefCheckA;
            static $first = true;
            if( $once && !$first )  return;
            if( $once ) {
                include_once($mosConfig_absolute_path.'/components/com_sef/sef_ext.php');
            } else {
                include($mosConfig_absolute_path.'/components/com_sef/sef_ext.php');
            }
            $first = false;
        }

Shady Joomla Buffoonery

ArtioSEF Hacks Joomla! MetaData in Shameless Self-Promotion Scandal