Exploit Database. The Joomla! Hacking Compendium. EDB-ID: EDB Verified:. Author: Valentin. Type: papers. Platform: PHP. Published: Vulnerable App:. This paper focuses on how to hack Joomla installations and how to protect them. I do not want to motivate you to go out there and hack Joomla websites after you have read this document, this paper is more a theoretical view of how attackers could compromise the security of a website.
It should help you to understand basic security mechanics, which finally leads you to a point where you are able to protect Joomla websites. I also wrote this document in order to summ up some knowledge I gained about Joomla. I hope it will be helpful in some way and you learn something new. If you find any typos: feel free to drop me a mail or simply ignore them.
This paper was written for educational purposes. Always know and respect your local laws. While writing this document I assumed, that the reader already gained some knowledge about web security and Joomla. It was small, it was easy, it was new, it was amazing, it felt so fresh and yes, I wanted to sleep with it!
Finally someone invented a content management system which was easy to use and supported categories in categories, basic magazine features, easy content handling, awesome extensions management and was fast to install. While I have been creating countless websites with Joomla, I never gave security a thought at the beginning. For me it was just about installing Joomla, applying some cool theme and uploading douzends of extensions. But during the years I started to realize that there are kids and automated scripts out there which looked for vulnerable websites and "hacked" them automatically.
Without any human interaction it was poss- ible for them to compromise a Joomla installation and make clueless webmasters angry. I saw so many defaced sites, being a victim for scripts and not for skilled hackers. When I started to do some vulnerability and security research at March the time when I published security related documents for the first time , I began to focus on Joomla and the extensions which are available for it. I had no partiuclar reasons for it, it just happened because so many Joomla websites turned out to be unsecure.
But I also understood that Joomla itself, the core sounds very sci-fi like, doesn't it , seems to be secure in most ways. I focused on Joomla extensions and discovered many vulnerabilities, therefore in this document we will mostly have a look at stuff which is not part of the Joomla core. Now grab a coffee, switch on the music I prefer vocal trance, Tiesto is simply awesome btw! It is full of functions and possibilities to enhance its functionalities, therefore there may be many attack vectors in theory.
The download file comes with the core and at least one example theme. The Joomla core can be enhanced with the help of..
In most cases the components are vulnerable to attacks. The modules often only are used to display information in small boxes on the websites and contain no features which can be used for exploiting weak spots. The plugins mambots are more likely integrated core parts, e. The components are the most important extensions for this CMS, they provide classical functionality, like guestbooks, message boards, galleries, user management..
I need to know what tools they are using and if there are any tutorials online on how they hack the sites. Last edited by mandville on Sun Jun 19, pm, edited 1 time in total. Reason: signature against forum rules. Security Moderator. Here you can check for available extension updates available by clicking the Find Updates icon. If Joomla! Then select the extension you wish to update and click the Update icon.
The process is fully automatic and you are going to receive messagesand hints, depending on the extension, while updating. Post by leolam » Sun Jun 05, am davetanguay wrote: Is there some sort of software or script I can use which will scan a site and find vulnerabilities?
Post by PhilD » Sun Jun 05, pm Just be aware that the sucuri net scanner will not find all hacks. I was very dissapointed that we had one very recently on the forums here that the scanner said the site was all well and when you inspected the generated source in firefox there was the hack in index. Unmask parasites did not find the same hack either So both online site scanners failed to find a hack that I considered out in the open as the site was actively trying to attack visitors to it.
But I actually think the poster is actually asking in the quote Is there some sort of software or script I can use which will scan a site and find vulnerabilities? It used to prevent spamming in forums. It is based on the Bayesian algorithm and works more effectively with Akismet.
Incapsula offers performance with protection. Some of its salient features include instant virtual security patching, detecting vulnerabilities, advanced analytics, exclusive bot detection technology to reduce spam. It restricts web page printing, copying page contents, right-click option and copy functions using JavaScript. This plugin helps you to secure your Joomla site content from being misused.
This allows you to use an additional security key to login to Joomla Admin. It acts as a login protection extension by requiring a security key every time you need to access the login page. It is usually in the form of a secret word after an administrator? It can help you detect Trojans, worms, adware, spyware, etc. It is crucial that every website owner should be aware of the threats and risks and take steps to secure their site.
Particularly in Joomla, improving site security is important since it is based on an open source content management system and thus is more vulnerable to threats. All Rights Reserved. By: Naveen May 27, Phishing Another common hacking method is phishing. Weak Website Security Weak website security leads to making your site prone to attacks.
Insecure Server One of the other reasons for your Joomla site being hacked could be due to a misconfigured server. What to do if your Joomla site is hacked? Database Clean-up This is the first step to cleaning up your hacked Joomla site.
Secure the Server: As mentioned earlier, insecure servers can lead to a Joomla hack. Verify Versions: Use a version verification tool and check your site for any modifications to core Joomla files.
Working from a targeted domain passwords can quickly be found especially in larger organisations. A misconfigured server can allow you to view the contents of a directory in a web-accessible path. Viewing the contents of the directory allows an attacker to gather sensitive information not intended for public viewing about the existence and contents of the files. Such as hidden files, backup files, config files, plugins, and templates, without the need to brute force the paths.
Here we are checking network services. The main technique used for identifying the servers attack surface is Port Scanning. An Nmap port scan will identify the network services listening on the server. Working from the results of the Port Scan an attacker would identify server applications, versions and look for exploitation opportunities. If the Joomla site is protected by Sucuri or CloudFlare , exploits that might otherwise succeeed could be blocked. Even various reconnaissance techniques can be blocked by these web based firewall WAF.
Hacker Target hosts a free and simple to use passive Joomla scan. Discover vulnerabilities, web server details, configuration errors, identify template, and test for directory indexing and others. The freely available tools perform analysis from a simple page grab. Through the examination of the HTML source code, javascript , and a few other open publicly accessible pages, it is possible to gain immediate insights into the state of security on the target site.
This is applying only passive analysis methods, without sending any aggressive security scanning. Vulnerability Scanner. An open source project written in Perl. Ties some of these enumeration techniques together such as the Joomla version, vulnerabilities and the admin login page. JoomlaVS is an Open source Ruby application. Scan for vulnerabilities in components, modules and templates and basic fingerprinting.
Useful for automating a scan for low-hanging fruit. But it isn't enabled by default. Detecting weak passwords for Joomla comes in a variety of ways. There are many ways to to brute force a login page, here are a few. An Nmap NSE script is particularly helpful for performing a brute-force password play against a Joomla install. If there is a login form on the site or you have found the administrator interface, then burp suite can be used to try to brute force the password.
There are other tools around such as JoomBrute, and others such as Hydra and Ncrack, though the latter two are most suited for other protocols. One is the Joomla Bruteforce login utility.
The Joomla Developer Network has a Security Announcements which provides a feed of recently resolved security issues in Joomla software releases. As part of the Joomla extension directory, Joomla has a list of Vulnerable extensions. An issue was discovered in the Creative Contact Form extension A directory traversal vulnerability resides in the filename field for uploaded attachments. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.
While vulnerabilities in templates are not as common as extensions, it is still worth checking the template in use. Check the developers page for security related updates, and if its a custom environment running standard web application testing may discover unpublished vulnerabilities. In this example of an XSS vulnerability, we see that even the Joomla Core Default template had a vulnerability as recently as Vulnerabilities in Joomla Core are highly valued by an Attacker as it does not depend on a particular extension being installed.
0コメント