Mambo Joomla SQL Plugin Exploits.

Published on: 1201888234
It is a known problem that third-party plugin developers are the biggest threat to any software package that allows plugins to be written for it. Historically, Mambo and Joomla were plagued with this, and it will continue as long as clueless programmers keep on releasing insecure plugins. But partly it can be blamed on the developers of those software packages. My argument: why don't they release an API that contains secure SQL wrappers for their plugin developers? It seems the plugin developers are writing their own insecure wrappers. If the core provided secure wrappers, the issue could be solved once and for all. The only thing the plugin developers would have to do is call the native wrappers, and that should be it.
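To make the argument concrete, here is an added example (not code from the original post, nor from Mambo or Joomla) of the kind of minimal "secure SQL wrapper" API a CMS core could hand to plugin authors, so that plugin code binds values through placeholders and never assembles SQL strings itself. The class and method names are this example's own assumptions; it uses PDO over an in-memory SQLite database with constructed sample rows so it runs offline.

```php
<?php
// Added example (not from the original post or from Mambo/Joomla):
// a core-provided wrapper that plugins call instead of writing their own SQL.
// Class and method names are assumptions made for this example.

final class SafeDb
{
    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
        // Fail loudly: a plugin bug should surface as an exception, not silent data.
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    /** Run a parameterised SELECT. Plugin code passes placeholders in $sql and values in $params. */
    public function select(string $sql, array $params = []): array
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);              // values are bound, never interpolated
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    /** The most common plugin query: fetch one row by integer primary key. */
    public function loadById(string $table, $id): ?array
    {
        // Identifiers cannot be bound as parameters, so the table name is whitelisted.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $table)) {
            throw new InvalidArgumentException('bad table name');
        }
        // Reject anything that is not a plain integer rather than trying to "clean" it.
        if (filter_var($id, FILTER_VALIDATE_INT) === false) {
            return null;
        }
        $rows = $this->select("SELECT * FROM {$table} WHERE id = :id", [':id' => (int) $id]);
        return $rows[0] ?? null;
    }
}

// Constructed sample data for the demonstration.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO items VALUES (1, 'public'), (2, 'private')");
$db = new SafeDb($pdo);

// How a plugin would use it: the request value goes through the wrapper only.
var_dump($db->loadById('items', '1'));          // one row: id 1, title "public"
var_dump($db->loadById('items', '1 OR 1=1'));   // NULL: not an integer, query never runs
```

Because identifiers (table and column names) cannot be bound as parameters, the wrapper whitelists them separately; that is the check plugin authors most often forget when they roll their own escaping.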

What happens when they continue like this? Well, then you keep seeing these issues emerge on milw0rm and other exploit databases. For example, here are some fresh exploits that target these plugins: