AOH :: HP Unsorted C :: BT-21908.HTM

com_jumi / jumi 2.0.5 for joomla 1.5 backdoored
com_jumi / jumi 2.0.5 for joomla 1.5 backdoored
com_jumi / jumi 2.0.5 for joomla 1.5 backdoored

Summary: another backdoored joomla component (yawn)

Application: Jumi, a joomla component

About Jumi:
  Jumi is the set of custom code extensions for Joomla! 1.0.x and 1.5.x in
  their native modes. Since 2006 more then 200.000 downloads.  With Jumi you
  can include php, html, javascript scripts into the modules position,
  articles, category or section descriptions, or into your own custom made
  component pages.
Fun snippet from the release_notes.txt:
    - Fixed: security vulnerability
Vendor notified:
  *.cz .. I looked at the fun pictures on the "about us" screen, and
left it at that.
  Joomla?  A CC of this mail on their "STRIKE TEAM" form (are you
afraid of e-mail gentlemen?)

Download url/s: 


The installation sends your joomla URL and passwords to and drops the following file: 


Which says that the loveless individual who did the backdooring
doesn't like to share (c'mon man, give a bit): you are hosting the backdoor notification site 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to