Mootools Plugin Infection #2472

Closed
FireFly9 opened this Issue · 14 comments

5 participants

@FireFly9

I have inherited a site with the YooMotion template. It was recently infected and the support person who assisted to remove the infection tracked it down to the MooTools plugin. He stated that he had to manually remove an iframe code injected into several of the main web pages, and then had to remove several plug-ins that the Joomla site was using that had malicious code.

Can someone respond to this and let me know if this was a known issue and whether it has been resolved?

Thanks

@ibolmo
MooTools member

Without any code you're grasping at straws.

@FireFly9
@arian
MooTools member

Not that I know of.

@fakedarren
MooTools member

There isn't, no.

@fakedarren fakedarren closed this
@swhiteman

"Widespread infection" of the client-side component? Do you mean people distributing unauthorized forks of MooTools that did nasty things? I for one have heard nothing and for sure the standard packages are clean. What Olmo means is that you aren't giving an example of how the library is "infected."

Sounds a lot more like Joomla had a vulnerable plugin which maybe didn't validate or sanitize properly. The fact that Moo was used on the client is likely immaterial unless you can point to a contract made by the library that was broken (like client-side escaping).

@FireFly9
@FireFly9
@swhiteman

Then the infection (if there was one) was either in the YooMotion template itself or in the version of MooTools they were distributing with the template. Because Moo's license allows it to be freely distributed, authors tend to include a copy in their whatever template/library instead of telling you to download it yourself. Just like you can create your own fork on GitHub called "MooBetter" that is totally malicious (until people figure it out).

Anyway, nothing stops a hacked site from serving up a hacked version of Moo and/or hacked version of their template, and you won't be any the wiser. I always download from MooTools.net myself and delete links to any other versions in libraries I use, but this is unenforceable on a wide scale because it means templates aren't "plug and play."

I still would doubt that a person who pwned a site would attack the bundled MooTools library and not the template unless there was some reason that the vulnerability only allowed them to upload new files or something. Though getting a hacked Moo in the wild might mean a better payoff down the line.
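
The check described in the comment above (compare each bundled MooTools copy with one downloaded from the official site, and look for the injected iframe), as an added example that is not part of the original thread. The function names, file paths and sample contents are constructed for illustration, and the hidden-iframe patterns are a heuristic; the reference file is assumed to be the same version and build as the bundled copies.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristics (assumptions of this example): any <iframe> tag, and the
# attributes that make a frame invisible to a visitor.
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.I)
HIDDEN_RE = re.compile(
    rb"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*=\s*[\"']?[01]\b",
    re.I)
WEB_SUFFIXES = {".js", ".php", ".html", ".htm"}

def audit(site_root, reference_js):
    """Return (bundled MooTools copies differing from the reference,
    web files containing a hidden iframe), as paths relative to site_root."""
    root = Path(site_root)
    good = hashlib.sha256(Path(reference_js).read_bytes()).hexdigest()
    modified, hidden = [], []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in WEB_SUFFIXES:
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() == ".js" and "mootools" in path.name.lower():
            if hashlib.sha256(data).hexdigest() != good:
                modified.append(rel)
        if any(HIDDEN_RE.search(tag) for tag in IFRAME_RE.findall(data)):
            hidden.append(rel)
    return modified, hidden

def demo():
    """Run the audit over a constructed site tree (all content is made up)."""
    lib = b"/* constructed stand-in for a MooTools build */ var MooTools = {};\n"
    bad = b"document.write('<iframe src=\"http://example.invalid/\" width=\"1\" height=\"1\"></iframe>');"
    with tempfile.TemporaryDirectory() as tmp:
        ref = Path(tmp) / "reference-mootools.js"  # stands in for the official download
        ref.write_bytes(lib)
        site = Path(tmp) / "site"
        files = {
            "lib/mootools.js": lib,                          # untouched bundled copy
            "templates/example/js/mootools.js": lib + bad,   # tampered bundled copy
            "index.php": b"<?php ?><iframe style='display:none' src='http://example.invalid/'></iframe>",
            "video.html": b"<iframe width=\"560\" height=\"315\" src=\"/v\"></iframe>",
        }
        for rel, body in files.items():
            (site / rel).parent.mkdir(parents=True, exist_ok=True)
            (site / rel).write_bytes(body)
        return audit(site, ref)
```

A hash mismatch only says the bundled file differs from the reference; a different MooTools version or a custom build will also be reported and needs a manual diff.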

@ibolmo
MooTools member
@FireFly9
@swhiteman

I don't know anything about Joomla! so couldn't tell ya. But isn't that the author's site you pointed to? Nothing better than that.

@FireFly9
@FireFly9
@swhiteman

Happy to help... in the future, post Moo questions first to the mailing list (Google Group), as you are more likely to need user support than to find an "issue" as in bug/defect.
