Bug #41778 Vulnerability allows access to 3rd party's joomla mysql database
Submitted: 29 Dec 2008 8:07
Modified: 29 Dec 2008 8:41
Reporter: Kevin Seraaj
Status: Not a Bug
Category: MySQL++
Severity: S1 (Critical)
Version: UNK
OS: Any
Assigned to:
CPU Architecture: Any

[29 Dec 2008 8:07] Kevin Seraaj
Description:
This bug allows a third party to gain access to another Joomla site's MySQL database.

How to repeat:
I am using MySQL 5x with Joomla 1.5x, but the problem is not with my site. 

I was casually looking through my MySQL database using phpMyAdmin when I got to this table:  jos_core_log_items.  This table is a part of the Joomla database distribution.

I clicked on browse to see what kind of things were being logged, and I noted this warning:  "No index defined!  Create an index on ___ columns."  

Not knowing whether I should create the index or not, I decided to research the issue first and see what other users had been told to do.  

So I entered this query into Google search: "Table: jos_core_log_items"

I was presented with a list of what I assumed were similar requests for assistance by other users.  But when I clicked on one, I was taken directly to that site's database.

I repeated the process several times to be sure that database access was being achieved routinely and each time I got into the website's database with no problem.  And each time it was a Joomla MySQL database (i.e., jos_banners, jos_users, etc).  

Since every Google website result that I clicked on for the "Table: Table: jos_core_log_items" search brought up a Joomla MySQL database, I thought you should know.

Suggested fix:
Am reporting this immediately.  Haven't had time to explore any possible fixes.

[29 Dec 2008 8:41] Sveta Smirnova
Thank you for the report.

The user whose database you found access to should close access to the phpMyAdmin, Joomla and MySQL installation herself. MySQL has nothing to do with it and cannot fix user errors. So I am closing the report as "Not a Bug".