Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
Drupal, Typo3 and Joomla are all impacted by the bug.
By Waqas
Apparently, the malware attack is carried out by Russian-speaking hackers. The IT security researchers at Zscaler have discovered a sophisticated malware campaign targeting websites based on WordPress and Joomla content management systems (CMS)… Continue reading Hackers using hacked WordPress & Joomla sites to drop malware
“It was a cold and windy night, but the breeze of ill omen blowing across the ‘net was colder. The regular trickle of login attempts suddenly became a torrent of IP addresses, all trying to break into the back-end of the Joomla site I host. I poured another cup of …read more
I am having problems with the exploit
**Joomla! 1.0 < 3.4.5 – Object Injection ‘x-forwarded-for’ Header Remote Code Execution
CVE : CVE-2015-8562 , CVE-2015-8566**
It doesn’t work on Joomla versions < 3.0
So in orde… Continue reading how to substitute DisconnectHandlers of Joomla?
The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module. Continue reading RSAC 2019: Joomla! Mail Flaw Exploited to Create Mass Phishing Infrastructure
I have read and understand object injection from this question. Then I wanted to test the security issue behind Joomla CMS Object injection through serialization.
TEST MACHINE
XAMPP 1.7.3 for Windows
Apache/2.2.14 (Win32) … Continue reading Why object injection doesn’t work but payload is stored along with session cookies on Joomla 2.5.11 unpatched?
I am interested in knowing how Drupal, WordPress and Joomla have managed password encryption (hashing algorithms) across their various releases, from the very first to the latest.
Thanks.
Continue reading How various CMS encrypt password across past releases
Using Burp to intercept traffic and inject code, we have identified a remote code execution vulnerability in a website. After entering data in input fields on the form and clicking submit, the traffic was intercepted and… Continue reading PHP Code Injection vulnerability exists even after recommended hardening
Support for PHP 5.6 drops on December 31 – but a recent report found that almost 62 percent of websites are still using version 5. Continue reading As End of Life Nears, More Than Half of Websites Still Use PHP V5
Did you know that nearly 80% of all websites run on PHP? More particularly, “PHP is used by 78.9% of all the websites whose server-side programming language we know”, as revealed by W3Techs statistics. This fact alone makes PHP security… Continue reading Support for PHP 5.6.x Ends in 2 Months, Millions of Websites at Risk