Using a combination of available tools will get the best results. There is no one size fits all when it comes to Joomla. Several tools can brute force known extension/component list. To find all the installed extensions you have to be more aggressive. Some extensions do not leave traces in the HTML source. Once, an add-on is identified additional information can be gathered from the manifest file. Hints to the extensions and modules present in a site may be found in the HTML source of the page. It can be used as a source of information or a place to start when looking at a Joomla site. This list is of vulnerable extensions for which no patch is known to exist. It is worth noting Joomla has a live list called - Vulnerable Extensions List (VEL) Unfortunately, unless you have the administrator account details, there is no easy way to find every single extension of a particular Joomla install. Knowing these extensions may allow us to identify the version, and research whether it is vulnerable to known exploits. Vulnerabilities can arise in any of these when poorly coded, an example could be non-logged in users having access to the same features as logged in users.Įnumeration is attempting to find as many installed extensions as we can, including disabled extensions. To identify the version we can check the joomla.xml file within the directory /administrator/manifests/files/Īll can be installed as required. This example is taken from the source of a default Joomla install. This is the simplest way to determine if Joomla is being used. Meta GeneratorĬheck the HTML source of the page for a meta generator tag in the HEAD section of the HTML source. To determine if the site is running Joomla, and identify the Joomla Core version, three simple methods can be used to determine the version of Joomla in use. Or it can be conducted overtly by aggressively brute-forcing web paths to identify the presence of extensions. Enumeration or reconnaissance can be conducted stealthily with regular web requests used to gather technical information about the site. Now is the time to put yourself in the hacker's mindset. This information is essential as it will aid us as we move onto the actual attacking or exploitation phase. Stage 1 is to discover as much technical information regarding the site configuration. This popularity makes it a target for bad guys aiming to use a compromised web server for malicious purposes.Ī lot of Joomla security holes arise from lack of maintenance, not taking passwords seriously, poorly coded extensions and even site backup's left in the web root. Similar to WordPress's plugins, Joomla allows functionality through "Extensions" It is open-source, free to download, and easy to use. Recent statistics show Joomla is a popular open-source Content Management System (CMS), with close to 6% of all websites.
0 Comments
Leave a Reply. |