Joomla! is one of the most used free and open-source content management systems. It is used to publish web content. This software was developed by Open Source Matters, Inc. This application is built on the base of the model–view–controller web application framework. This application is independent of the Content Management System.
The Administrator application (admin page, Control Panel, Back-end, or Admin Panel) is an interface for Joomla. Here the admin user only has full privileges, and other site officials will have restricted privileges. This user can manage the look of a Joomla! Powered web site. There are many features which can be done only through an administrator interface. This kind of user can set up how their website should look like using the Template Manager. The attacker can change the look by changing templates. The users can also add new extensions such as components, languages, modules, and plugins. There are many preset URL names for admin pages. If this name is not changed, an attacker can easily access the admin page by simply changing the URL with different default names.
Example
The following name is the default name.
https://example.beaglesecurity.com/administrator
Impact
The impact include:-
- The attacker will get administrative access.
- Possible loss of sensitive information.
Mitigation / Precaution
Beagle recommends the following fixes:-
- Change the default administrator name.
- Update Joomla to the latest version.
