Joomla common log files

By
Prathap
Published on
02 Jul 2018
1 min read
Vulnerability

Joomla! is one of the most used free and open-source content management system. It is used to publish web content. This software was developed by Open Source Matters, Inc. This application is built on the base of the model–view–controller web application framework. This application is independent of the Content Management System.

There are many servers having a vulnerability in common log files of Joomla. This vulnerability is found in the content management system. This could allow an attacker to gain administrator privileges on the vulnerable server. This vulnerability is encountered due to improper memory operations when handling user-supplied input by the affected software.

An attacker can exploit this vulnerability as follows:-

  1. Accessing the system
  2. Gain Administrator access
  3. Execute the intended processes on the system

The vulnerability will be to compromise the system completely.

Impact

The impact include:-

  • Losing server integrity
  • Possible data loss

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Upgrade Joomla! to the latest version.
  • Implement the following:-
    1. Log into your Joomla! Administrator area.
    2. Click Users on the menu item and select Manage.
    3. Review the list, especially ones with a recent Registration Date.
    4. Remove all the unfamiliar users that were created by the attacker.
    5. Check the Last Visit Date of legitimate users of the application.
    6. Confirm the identity of all the users that logged in at suspicious times.
    7. Go through the server logs and search for requests to the administrator area of Joomla!. Especially look for users logging in at unusual times or unusual geographic locations.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Prathap
Prathap
Co-founder, Director
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.