Joomla admin page

By
Prathap
Published on
02 Jul 2018
1 min read
Vulnerability

Joomla! is one of the most used free and open-source content management systems. It is used to publish web content. This software was developed by Open Source Matters, Inc. This application is built on the base of the model–view–controller web application framework. This application is independent of the Content Management System.

The Administrator application (admin page, Control Panel, Back-end, or Admin Panel) is an interface for Joomla. Here the admin user only has full privileges, and other site officials will have restricted privileges. This user can manage the look of a Joomla! Powered web site. There are many features which can be done only through an administrator interface. This kind of user can set up how their website should look like using the Template Manager. The attacker can change the look by changing templates. The users can also add new extensions such as components, languages, modules, and plugins. There are many preset URL names for admin pages. If this name is not changed, an attacker can easily access the admin page by simply changing the URL with different default names.

Example

The following name is the default name.

https://example.beaglesecurity.com/administrator

Impact

The impact include:-

  • The attacker will get administrative access.
  • Possible loss of sensitive information.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Change the default administrator name.
  • Update Joomla to the latest version.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Prathap
Prathap
Co-founder, Director
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment