Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their privileges on any Joomla site. Both issues combined give the attackers enough power to easily upload backdoor files and get complete control of the vulnerable site. A few hours after the […]
Tag Archives: Joomla! Security
Details on the Privilege Escalation Vulnerability in Joomla
Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability. As we’ve seen some exploits attempts occurring in the wild, we feel it is a good time to describe what the issue is and how it was fixed. Analyzing the Patch It was fairly easy to figure out where the […]
Joomla Account Creation Vulnerability
The Joomla team released a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of Joomla, you’re encouraged to update immediately. The vulnerability has a high severity as it allows anyone to create a user remotely and specify the desired group permission to it, including administrator. Two […]
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT). CMS Analysis Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side… […]
New Realstatistics Attack Vector Compromising Joomla Sites
Over the past few weeks we’ve seen a large number of Joomla websites compromised with the Realstatistics malware campaign. This mass infection is still evolving and continues to distribute harmful ransomware to compromised website visitors. Today we are providing more context on the new attack vector and exploitation process used to to compromise these sites…. […]
Backdoor in Fake Joomla! Core Files
We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog. Sometimes we write about free tools to obfuscate your code that aren’t that free and we also have an online tool to help decoding the malware you find. But sometimes the malware is not clearly encoded using base64, gzinflate, hex concatenation,… […]
WordPress Redirect Hack via Test0.com/Default7.com
We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / test246 .com domains. In this post, we’ll provide you with a review of this attack, investigated by our malware analyst, John Castro. Header.php Injection In all cases, theRead […]
Ask Sucuri: Differentiate Between Security Firewalls
Question: How should a website owner differentiate between Firewalls? What do they do? The term “firewall” is not new. It is common terminology in the world of technology and security, and possibly common enough that even non-technical people have a basic understanding of what a firewall is. Its meaning actually extends beyond security. The brick walls thatRead […]
Vulnerability Details: Joomla! Remote Code Execution
The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of the platform up to 3.4.5. As soon as the patch was released, we were able to start our investigation and found that it was alreadyRead […]
Critical 0-day Remote Command Execution Vulnerability in Joomla
The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already in the wild. Zero day Exploits in the Wild What is very concerning isRead […]