Joomla
Joomla is a popular open-source CMS designed to create and manage websites efficiently. It offers a flexible framework that supports a wide range of websites, from simple blogs to complex corporate portals. Joomla is built with PHP and uses a MySQL database to store content, making it widely compatible with common web hosting environments. Its modular architecture allows easy extension through plugins, components, and templates, enabling customization to fit specific needs. Joomla can be easily identified by its favicon:
Joomla's has the following user roles:
Super Users/Administrator
Access to administrative features (adding, deleting users and posts, editing source code)
Administrator
Admin functions except global options
Manager
Content creation and backend system info
Enumeration
In certain installs, we may be able to discover the version from other dirs or JS files:
droopescan is a plugin-based scanner designed mostly for SilverStripe, WordPress, and Drupal, but it has some functionality for Joomla and Moodle as well:
joomlascan is an open source software that finds the components installed in Joomla CMS:
Attacks
Fuzzing
Fuzzing can be used for further directory, plugin, and theme enumeration (joomla.txt):
The MSF's module joomla_plugins can be used to enumerate plugins:
BFA
Joomla 3.2 stable release bought 2FA as part of the core install which adds another challenge to BFAs. However, this isn't enabled by default.
The default administrator account is admin and the password is set at install time:
MSF's joomla_bruteforce_login module can be used for a BFA:
joombrutev2 is the Python3 version of the original joombrute:
joomla-brute is Joomla login bruteforcer:
nmap has a Joomla-specific NSE as well as a general one for BFA against HTTP forms:
RCE
We can upload a webshell as by editing a template (e.g. error.php) and adding a PHP webshell:
Vulnerabilities
There is a live vunlerable extensions list.
Last updated