Attackers Can Hijack Joomla Sites Via User-Agent Strings (softpedia.com)
An anonymous reader writes: Joomla just issued an emergency security patch after Sucuri observed a large number of attacks on Joomla sites using malicious user-agent strings. Attackers were adding malicious code to custom-made user-agent strings, which were not sanitized and stored in the database. These allowed attackers to trigger remote code on the site and grant them a backdoor into targeted websites. Even if Joomla doesn't care about older versions, the bug was so critical that it issued security patches even for EOL versions going back to 1.5.x.
It's been 15 years since the explosive growth of the Internet started, dammit. Any "programmer" in this day and age who doesn't sanitize inputs for absolutely every parameter from a service facing the internet should be barred from using a compiler permanently.
Programmers like you are the fucking problem.
You don't sanitize your inputs, you use fucking parameterized statements to access the database; always. If you have to do any sanitizing beyond that you need to pick a different language; one where you can't escape string data and transform it into run time code.
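The commenter's point about parameterized statements, as an added example that is not Joomla's code or from the story: a constructed User-Agent header containing a quote character is stored intact by the parameterized insert, while the string-concatenated insert breaks on it (an sqlite3 in-memory database is assumed for the log table).

```python
import sqlite3

# Constructed User-Agent header that legitimately contains a single quote.
SAMPLE_UA = "Mozilla/5.0 (X11; Linux x86_64) O'Reilly-Bot/1.0"


def new_db():
    """Create an in-memory table for logging visitor User-Agent headers (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ua_log (id INTEGER PRIMARY KEY, agent TEXT NOT NULL)")
    return conn


def store_user_agent_unsafe(conn, ua):
    """Header text is pasted into the SQL string: the quote in SAMPLE_UA
    ends the literal early and the statement no longer parses as intended."""
    conn.execute("INSERT INTO ua_log (agent) VALUES ('" + ua + "')")
    conn.commit()


def store_user_agent_safe(conn, ua):
    """Parameterized statement: the driver passes the header as a bound value,
    so the SQL layer needs no escaping or sanitizing of the text at all."""
    conn.execute("INSERT INTO ua_log (agent) VALUES (?)", (ua,))
    conn.commit()


def stored_agents(conn):
    """Return the logged User-Agent strings in insertion order."""
    return [row[0] for row in conn.execute("SELECT agent FROM ua_log ORDER BY id")]


def demo():
    """Run both inserts on SAMPLE_UA; return (unsafe_succeeded, rows_stored_safely)."""
    unsafe_succeeded = True
    try:
        store_user_agent_unsafe(new_db(), SAMPLE_UA)
    except sqlite3.OperationalError:
        # The concatenated statement is malformed; sqlite refuses it.
        unsafe_succeeded = False
    safe_conn = new_db()
    store_user_agent_safe(safe_conn, SAMPLE_UA)
    return unsafe_succeeded, stored_agents(safe_conn)


if __name__ == "__main__":
    ok, rows = demo()
    print("concatenated insert succeeded:", ok)
    print("parameterized insert stored:", rows)
```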