Joomla admin page

By Prathap
Published on 02 Jul 2018

Joomla! is one of the most widely used free and open-source content management systems (CMS) for publishing web content. It was developed by Open Source Matters, Inc. Joomla! is built on a model–view–controller web application framework that can be used independently of the CMS.

The Administrator application (also called the admin page, Control Panel, back-end, or Admin Panel) is the management interface for Joomla. Only the admin user has full privileges here; other site officials have restricted privileges. The admin user can manage the look of a Joomla!-powered website, and many features are available only through the administrator interface. Using the Template Manager, this user can set up how the website should look. An attacker can change the look by changing templates. Users can also add new extensions such as components, languages, modules, and plugins. There are many preset URL names for admin pages. If the default name is not changed, an attacker can easily access the admin page by simply trying the different default names in the URL.

Example

The following URL uses the default name:

https://example.beaglesecurity.com/administrator

Impact

The impact includes:

  • The attacker will get administrative access.
  • Possible loss of sensitive information.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Change the default administrator name.
  • Update Joomla to the latest version.
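
As an added example (not part of the original article or of Beagle Security's tooling), a site owner can review their own web server access log for requests to the default `/administrator` path from addresses outside a trusted set. The log lines, IP addresses, and function names below are constructed for illustration and assume Combined Log Format.

```python
import re
from collections import defaultdict

ADMIN_PATH = "/administrator"  # default back-end path named in the article

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_admin_request(path):
    """True for /administrator itself or anything beneath it."""
    clean = path.split("?", 1)[0].rstrip("/").lower()
    return clean == ADMIN_PATH or clean.startswith(ADMIN_PATH + "/")

def review_admin_access(lines, trusted_ips):
    """Count back-end requests per client IP that is not in trusted_ips."""
    report = defaultdict(lambda: {"requests": 0, "posts": 0, "served": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_admin_request(m["path"]):
            continue
        if m["ip"] in trusted_ips:
            continue
        entry = report[m["ip"]]
        entry["requests"] += 1
        if m["method"] == "POST":        # form submissions to the back-end
            entry["posts"] += 1
        if m["status"].startswith("2"):  # 2xx: the default path was served
            entry["served"] += 1
    return dict(report)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Jul/2018:10:00:01 +0000] "GET /administrator/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Jul/2018:10:00:05 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [02/Jul/2018:10:02:11 +0000] "GET /administrator HTTP/1.1" 200 5120 "-" "curl/7.58"',
    '203.0.113.50 - - [02/Jul/2018:10:02:12 +0000] "POST /administrator/index.php HTTP/1.1" 200 5300 "-" "curl/7.58"',
    '203.0.113.50 - - [02/Jul/2018:10:02:13 +0000] "POST /administrator/index.php HTTP/1.1" 200 5300 "-" "curl/7.58"',
    '203.0.113.99 - - [02/Jul/2018:10:03:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.99 - - [02/Jul/2018:10:03:02 +0000] "GET /administrators-guide HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, stats in review_admin_access(SAMPLE_LOG, {"198.51.100.7"}).items():
        print(ip, stats)
```

Any untrusted address with a non-zero `served` count shows that the back-end is still reachable at its default name from outside.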

Written by Prathap, Co-founder, Director