Joomla common log files

OWASP 2013-A9, OWASP 2017-A10, OWASP 2017-A9, CWE-532, WASC-20

Joomla! is one of the most widely used free and open-source content management systems. It is used to publish web content. The software was developed by Open Source Matters, Inc. and is built on a model-view-controller web application framework, which can also be used independently of the content management system.

Many servers are affected by a vulnerability in the common log files of Joomla!. The vulnerability is found in the content management system itself and could allow an attacker to gain administrator privileges on the vulnerable server. It arises from improper memory operations when the affected software handles user-supplied input.

An attacker can exploit this vulnerability as follows:

  1. Access the system
  2. Gain administrator access
  3. Execute the intended processes on the system

Successful exploitation results in complete compromise of the system.

Impact

The impact includes:

  • Losing server integrity
  • Possible data loss

Mitigation / Precaution

Beagle recommends the following fixes:

  • Upgrade Joomla! to the latest version.
  • Implement the following:
    1. Log into your Joomla! Administrator area.
    2. Click Users on the menu item and select Manage.
    3. Review the list, especially ones with a recent Registration Date.
    4. Remove all the unfamiliar users that were created by the attacker.
    5. Check the Last Visit Date of legitimate users of the application.
    6. Confirm the identity of all the users that logged in at suspicious times.
    7. Go through the server logs and search for requests to the administrator area of Joomla!. In particular, look for users logging in at unusual times or from unusual geographic locations.
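As an added example (not part of the Beagle page or of Joomla!'s own tooling), the following Python script implements step 7: it parses Apache-style access log lines, isolates requests to the administrator area, and flags login POSTs that fall outside an assumed business-hours window. The sample log lines are constructed, and the business-hours window and the `/administrator/index.php` login endpoint path are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample access log lines in Apache combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2023:09:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2023:09:16:40 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2023:03:02:11 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "curl/7.88"
198.51.100.7 - - [12/Mar/2023:03:02:12 +0000] "GET /administrator/index.php?option=com_users HTTP/1.1" 200 9000 "-" "curl/7.88"
192.0.2.55 - - [12/Mar/2023:14:30:00 +0000] "GET /administrator/ HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line (method + path) and status code from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def admin_requests(log_text):
    """Return parsed requests that target the Joomla! administrator area."""
    recs = (parse_line(line) for line in log_text.splitlines())
    return [r for r in recs if r and r["path"].startswith("/administrator")]


def suspicious_admin_logins(log_text, business_hours=(8, 18)):
    """Flag POSTs to the administrator login endpoint outside the assumed business hours (UTC)."""
    start, end = business_hours
    flagged = []
    for r in admin_requests(log_text):
        # Assumption: administrator logins are POSTs to /administrator/index.php.
        if r["method"] == "POST" and r["path"].startswith("/administrator/index.php"):
            if not (start <= r["time"].hour < end):
                flagged.append((r["ip"], r["time"].isoformat()))
    return flagged


def admin_ips(log_text):
    """Count administrator-area requests per client IP, to spot addresses that are new or unusual."""
    return Counter(r["ip"] for r in admin_requests(log_text))
```

Run `suspicious_admin_logins(SAMPLE_LOG)` and `admin_ips(SAMPLE_LOG)` against a real access log to get the candidate list for steps 5 and 6; the flagged IPs and times are then checked against the Last Visit Date of known users.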
