Joomla is a free and open source CMS that uses PHP and MySQL. It is vulnerable to attacks like XSS, SQL injection, file execution, insecure authentication, and failure to encrypt sensitive data. Developers should use safe SQL queries, validate all user input, implement secure session handling, encrypt passwords and sensitive data, and restrict access to privileged URLs and functions.
Joomla Web Application Development Vulnerabilities
What is Joomla
Joomla is a free and open source CMS (content management system) used to publish content on the web. Joomla is written in PHP, uses object-oriented programming techniques and software design patterns, stores its data in a MySQL database and includes a model-view-controller web application framework.
Joomla's features include page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search and support for international languages.
Model-View-Controller
Model-View-Controller (MVC) is a software design pattern that organizes the code so that the business logic and the data presentation are kept separate.
Model
The model is the part of the component that encapsulates the application data, managing and manipulating it in a meaningful way. It contains the methods to add, remove and update information in the database.
View
The view is the part of the component that renders the data from the model in a form suitable for interaction. The view retrieves the data from the model and feeds it into the template that is presented to the user.
Controller
The controller is responsible for responding to the user action (page request). It determines what request the user has made and responds accordingly by activating the model to manipulate the data and passing the model into the view.
Cross Site Scripting (XSS)
XSS flaws occur when an application takes user-supplied data and sends it to the web browser without validating or encoding the content. This lets attackers execute script in the victim's browser, hijack user sessions, deface web sites, introduce worms, and so on.
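The point of the paragraph above is that the fix lives at the output stage. The following is an added example, not code from the slides: plain PHP, calling the same functions a Joomla view calls, with `$name` standing in for a request parameter that the page reflects back.

```php
<?php
// Added example, not code from the slides. Plain PHP, the same functions a
// Joomla view would call; $name stands in for a request parameter that the
// page reflects back.

// Constructed input standing in for user-supplied data.
$name = '<script>alert(document.cookie)</script>';

// VULNERABLE: the raw value is written straight into the HTML response, so
// whatever the user typed becomes part of the page's markup.
function renderUnsafe(string $name): string
{
    return '<p>Hello ' . $name . '</p>';
}

// HARDENED: encode for the HTML body/attribute context at the point of
// output. ENT_QUOTES covers both quote characters, so the same encoder is
// safe inside a double- or single-quoted attribute.
function renderSafe(string $name): string
{
    return '<p>Hello ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// A value placed inside a <script> block needs a JavaScript encoder, not an
// HTML one: JSON-encode it and escape the characters that could close the tag.
function renderInScript(string $name): string
{
    $json = json_encode($name, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return '<script>var user = ' . $json . ';</script>';
}

echo renderSafe($name), PHP_EOL;
echo renderInScript($name), PHP_EOL;
```

In a Joomla view the equivalent call is `$this->escape($value)`, which wraps `htmlspecialchars`. Filtering input through `JInput` is a useful second layer, but it is the context-specific encoding at output time that actually stops the script from running.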
Injection Flaws
SQL injection is the most common injection flaw in web applications. Injection happens when user-supplied data is sent to an interpreter as part of a command or query.
Solutions
• Write SQL-safe queries
• Write SQL-safe LIKE string comparison queries
• Use the form token
• Make the filename safe
• Make the directory path safe
• Make the path safe
• Safely retrieve request data
• Get values from arrays safely
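The list above names the Joomla helpers for each task without showing them. The block below is an added example, not code from the slides: it uses the Joomla 3.x legacy class names (`JFactory`, `JArrayHelper`, `JFile`, `JFolder`, `JPath`) and assumes it runs inside a component, so the framework is already bootstrapped; the `#__content` table and `images/uploads` directory are the assumed targets. The form token is left to the CSRF section.

```php
<?php
// Added example, not code from the slides. It uses the Joomla 3.x legacy
// class names (JFactory, JArrayHelper, JFile, JFolder, JPath) and assumes it
// runs inside a component, so the framework is already bootstrapped and
// #__content / images/uploads exist.
defined('_JEXEC') or die;

$input = JFactory::getApplication()->input;
$db    = JFactory::getDbo();

// Safely retrieving request data: ask JInput for the type you need instead of
// reading $_GET/$_POST; the filter discards anything that does not fit.
$id     = $input->getInt('id', 0);                // integers only
$search = $input->getString('search', '');        // string, tags stripped
$layout = $input->getCmd('layout', 'default');    // [A-Za-z0-9_.-] only

// Getting a value from an array with a default and a type filter.
$options = $input->get('options', array(), 'array');
$limit   = JArrayHelper::getValue($options, 'limit', 20, 'int');

// Write SQL-safe queries: quote identifiers, quote string values, cast numbers.
$query = $db->getQuery(true)
    ->select($db->quoteName(array('id', 'title')))
    ->from($db->quoteName('#__content'))
    ->where($db->quoteName('id') . ' = ' . (int) $id);
$db->setQuery($query);
$row = $db->loadObject();

// Write SQL-safe LIKE queries: escape($text, true) also escapes % and _, so
// the user cannot widen the pattern; the code adds the wildcards itself.
// quote(..., false) wraps the already-escaped value without escaping it twice.
$pattern = '%' . $db->escape($search, true) . '%';
$query   = $db->getQuery(true)
    ->select($db->quoteName('id'))
    ->from($db->quoteName('#__content'))
    ->where($db->quoteName('title') . ' LIKE ' . $db->quote($pattern, false));
$db->setQuery($query, 0, $limit);
$ids = $db->loadColumn();

// Make the filename, directory name and path safe before touching the
// filesystem, then confine the cleaned path to a known base directory.
$base     = JPath::clean(JPATH_SITE . '/images/uploads');
$fileName = JFile::makeSafe($input->getString('file', ''));   // drops path separators and odd chars
$dirName  = JFolder::makeSafe($input->getString('dir', ''));  // same for a directory name
$path     = JPath::clean($base . '/' . $dirName . '/' . $fileName);

if ($fileName === '' || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    throw new RuntimeException('Invalid file reference', 400);
}
```

Two points worth noting: the `(int)` cast is the simplest possible parameterization for numeric columns and needs no quoting at all, and the final `strpos` check is what turns "make the path safe" into "keep the path inside the directory we meant", which `makeSafe` alone does not guarantee.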
Malicious File Execution
Code vulnerable to remote file inclusion (RFI) lets attackers include hostile code and data, resulting in devastating attacks. Malicious file execution attacks affect PHP, XML and any framework that accepts filenames or files from the user.
Solutions
This has to be prevented at the design stage. If that stage is already complete, extra precautions need to be taken.
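"Prevent it at the design stage" in practice means never letting user input choose the file that gets included. Added example, not code from the slides: plain PHP, with the `page` parameter and the `templates/` directory constructed for the demonstration.

```php
<?php
// Added example, not code from the slides. Plain PHP; the "page" parameter
// and the templates/ directory are constructed for the demonstration.

// VULNERABLE: the include target is built from a request parameter, so the
// caller, not the developer, decides which file's code runs.
function loadPageUnsafe(string $page): void
{
    include __DIR__ . '/templates/' . $page . '.php';
}

// HARDENED: the parameter is only a key into a fixed map of known files;
// anything that is not a key is rejected before include() is reached.
const PAGE_TEMPLATES = array(
    'home'    => 'home.php',
    'contact' => 'contact.php',
);

function loadPage(string $page): void
{
    if (!isset(PAGE_TEMPLATES[$page])) {
        http_response_code(404);
        exit('Unknown page');
    }
    $templates = realpath(__DIR__ . '/templates');
    // realpath() resolves symlinks and "..", so the containment check below
    // is made on the file's real location, not on the string we built.
    $real = realpath($templates . '/' . PAGE_TEMPLATES[$page]);
    if ($templates === false || $real === false
        || strpos($real, $templates . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(404);
        exit('Unknown page');
    }
    include $real;
}

loadPage($_GET['page'] ?? 'home');
```

If the design stage has already passed and a parameter-driven include cannot be removed, the extra precautions are the same two checks (allowlist, then containment) plus `allow_url_include=Off` in `php.ini`, which is its default.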
Insecure Direct Object Reference
It occurs when developers expose a reference to an internal implementation object, such as a file, directory, database record or key, as a URL or form parameter. Attackers manipulate those references to access data without authorization.
Solutions
Use indirect reference maps. Avoid exposing private data to users. If direct references must be used, validate on every access that the user is authorized to view what they are requesting.
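Both pieces of advice above, the indirect map and the per-access authorization check, appear in the following added example (not code from the slides). It is plain PHP with a session-backed map; the invoice table and the current user id are constructed for the demonstration.

```php
<?php
// Added example, not code from the slides. Plain PHP with a session-backed
// reference map; the invoice table and user id are constructed.
session_start();

// Constructed data: invoice id => owner user id.
$invoices    = array(101 => 7, 102 => 7, 103 => 9);
$currentUser = 7;

// Indirect reference map: the page hands out random handles, and the real
// database ids never appear in a URL or form field.
function referenceFor(int $realId): string
{
    $handle = bin2hex(random_bytes(8));
    $_SESSION['refmap'][$handle] = $realId;
    return $handle;
}

// Resolve a handle back to the id it was issued for; unknown handles fail.
function resolveReference(string $handle): ?int
{
    return $_SESSION['refmap'][$handle] ?? null;
}

// Even with an indirect map, the server checks ownership on every access:
// a handle copied from another user's session must still not work.
function loadInvoice(array $invoices, int $userId, string $handle): ?array
{
    $id = resolveReference($handle);
    if ($id === null || !isset($invoices[$id]) || $invoices[$id] !== $userId) {
        // "Not yours" and "does not exist" look identical to the caller, so
        // the response cannot be used to enumerate valid ids.
        return null;
    }
    return array('id' => $id, 'owner' => $invoices[$id]);
}

$handle  = referenceFor(101);                              // goes into the link the user sees
$invoice = loadInvoice($invoices, $currentUser, $handle);  // resolves and passes the ownership check
$other   = loadInvoice($invoices, $currentUser, 'deadbeef'); // unknown handle, rejected
```

The map is per session, so handles expire with the session and cannot be bookmarked or shared; if references must survive longer than that, keep the direct id but never skip the ownership check in `loadInvoice`.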
Cross Site Request Forgery (CSRF)
A CSRF attack works by sending a pre-authenticated request from the user's browser to a vulnerable web application, which then performs a hostile action on the attacker's behalf.
Solutions
Insert a random string, the token, into each POST form and each GET query string that can modify something in the Joomla system. The Joomla Framework provides this protection for the target site.
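The Joomla Framework calls the above helpers `JHtml::_('form.token')` and `JSession::checkToken()`. Added example, not code from the slides: a form layout and the controller task it posts to, using the Joomla 3.x API; `com_example`, `ExampleControllerItem` and the `item.save`/`item.delete` tasks are assumed names.

```php
<?php
// Added example, not code from the slides. Joomla 3.x API (JHtml, JSession,
// JControllerForm, JRoute, JText); com_example and its tasks are assumed.
defined('_JEXEC') or die;

// In the form layout: emit the hidden token field. The token is bound to the
// current session, so a request forged from another site cannot supply it.
?>
<form action="index.php?option=com_example&task=item.save" method="post">
    <input type="text" name="title" />
    <?php echo JHtml::_('form.token'); ?>
    <button type="submit">Save</button>
</form>
<?php
// In the controller task that changes state: verify before doing anything.
class ExampleControllerItem extends JControllerForm
{
    public function save($key = null, $urlVar = null)
    {
        // checkToken() compares the submitted token with the session's one.
        // Joomla's own idiom is to stop the request with jexit() on failure.
        JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));

        return parent::save($key, $urlVar);
    }

    public function delete()
    {
        // A GET link that changes state carries the token as the parameter
        // *name*, and is checked with the 'get' method.
        JSession::checkToken('get') or jexit(JText::_('JINVALID_TOKEN'));

        // ... deletion logic for the assumed com_example component ...
    }
}

// Building such a link: the token name is appended with a dummy value.
$deleteUrl = JRoute::_('index.php?option=com_example&task=item.delete&id=5&'
    . JSession::getFormToken() . '=1');
```

`JControllerForm::save()` already performs the POST check itself in recent 3.x releases; the explicit call in the override shows where the check sits and costs nothing when it is repeated.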
Information Leakage and Improper Error Handling
Applications sometimes leak information about their configuration, internal workings and private data through various issues. Attackers use this information to steal sensitive data or to mount more serious attacks.
Solutions
• Don't expose stack traces to users
• Don't expose SQL errors to users
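What "don't expose" looks like in code: details are logged server side, and the visitor gets a generic message with a reference that support can look up. Added example, not code from the slides: plain PHP, with an assumed log path; Joomla's own switches for the same effect are Global Configuration > Server > Error Reporting and System > Debug System.

```php
<?php
// Added example, not code from the slides. Plain PHP; the log path is an
// assumed location.

// WEAK, shown for contrast: this is the setting that puts stack traces and
// SQL errors into the response body where any visitor can read them.
//   ini_set('display_errors', '1');

// HARDENED: details go to a server-side log, the visitor gets a generic page.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app.log'); // assumed path, writable by PHP only

set_exception_handler(function (Throwable $e): void {
    // A short reference lets support find the log entry without the user
    // ever seeing the message, file, line or trace.
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf('[%s] %s: %s in %s:%d%s%s', $ref, get_class($e),
        $e->getMessage(), $e->getFile(), $e->getLine(), PHP_EOL, $e->getTraceAsString()));
    http_response_code(500);
    echo 'An internal error occurred. Reference: ' . $ref;
});

// A failing query: PDO throws, the handler logs the SQL error text, and the
// response carries only the reference.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->query('SELECT * FROM no_such_table');
```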
Broken Authentication and Session Management
Account details and session tokens are often not properly protected, and attackers steal passwords, keys or authentication tokens to assume other users' identities.
Solutions
To prevent these types of vulnerabilities, first ensure that SSL is used for all authenticated parts of the application. Also, verify that all credentials are stored in hashed form. Then consider the following:
• Use the native session management mechanism; don't write your own session handlers.
• Use a single authentication mechanism.
• Don't allow login from an unencrypted page.
• Once the user is validated, give them a new session cookie and invalidate the previous one.
• Make sure that every page of the application has a logout link.
• Verify the user's old password before setting a new one.
• Don't send credentials (including the user name) over insecure channels.
• Don't expose session ids, such as the session token, in the URL.
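The session-handling items in the list above (hashed credentials, a fresh session cookie after login, a real logout, and the old-password check) are put together in the following added example, not code from the slides. It is plain PHP on the native session mechanism; the user record and its hash are constructed for the demonstration.

```php
<?php
// Added example, not code from the slides. Plain PHP on the native session
// mechanism; the user store and its hash are constructed.

// Constructed user store: username => hash produced by password_hash().
$users = array(
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
);

function login(array $users, string $username, string $password): bool
{
    $hash = $users[$username] ?? null;
    // Compare against the stored hash; the clear-text password is never
    // stored or logged. password_verify() is constant-time.
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // Issue a new session id and delete the old one, so a session id set
    // before login (fixation) cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    return true;
}

function logout(): void
{
    $_SESSION = array();
    // Expire the cookie on the client as well as destroying the server side.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
        $p['secure'], $p['httponly']);
    session_destroy();
}

// Verify the old password before accepting a new one, so a hijacked session
// alone is not enough to lock the real user out.
function changePassword(array &$users, string $username, string $old, string $new): bool
{
    if (!password_verify($old, $users[$username] ?? '')) {
        return false;
    }
    $users[$username] = password_hash($new, PASSWORD_DEFAULT);
    // A credential change is a good moment to rotate the session id as well.
    session_regenerate_id(true);
    return true;
}

session_start();
login($users, 'alice', 'correct horse battery staple');
changePassword($users, 'alice', 'correct horse battery staple', 'a new passphrase');
logout();
```

Joomla's `JFactory::getSession()` and `JUserHelper::verifyPassword()` cover the same ground inside the framework; the native PHP calls are shown so the sequence (verify, regenerate, store, later destroy) is visible in one place.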
Insecure Cryptographic Storage
Applications rarely use cryptographic functions properly to protect data and credentials. Attackers use such data to conduct identity theft and other crimes such as credit card fraud.
Solutions
If the data is sensitive, store it encrypted:
• Credit cards
• User names
• Passwords
• User data
Make sure that the stored data is not easy to decrypt: don't use weak algorithms, and when asymmetric key encryption is used, store the private keys carefully.
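Added example, not code from the slides, for the two cases the list above mixes: passwords, which the earlier section says must be stored hashed, and data that has to be read back (card numbers, user data), which is encrypted with an authenticated cipher. It uses PHP's `password_hash()` and the libsodium extension bundled with PHP since 7.2; the key is generated in-process for the demonstration only.

```php
<?php
// Added example, not code from the slides. Plain PHP using password_hash()
// and the libsodium extension (bundled with PHP since 7.2). The key here is
// generated in-process for the demonstration only.

// Passwords are not encrypted at all: they are hashed with a slow, salted
// algorithm, so a stolen table cannot be turned back into passwords.
function storePassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
}

function checkPassword(string $password, string $hash): bool
{
    return password_verify($password, $hash);
}

// Data that must be read back (card numbers, private user data) is
// encrypted with an authenticated cipher under a key that lives outside the
// web root and the database, e.g. a file only the PHP user can read.
function encryptField(string $plain, string $key): string
{
    // The nonce must be unique per message but need not be secret; it is
    // stored in front of the ciphertext so decryption can find it.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('Malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // secretbox_open returns false if the ciphertext or the key was tampered with.
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Ciphertext failed authentication');
    }
    return $plain;
}

// Constructed demonstration values; a real key is never in source or in the
// same database as the data it protects.
$key    = sodium_crypto_secretbox_keygen();
$hash   = storePassword('correct horse battery staple');
$stored = encryptField('4111111111111111', $key);
$card   = decryptField($stored, $key);
sodium_memzero($card);
```

The "weak algorithms" warning translates here to two choices: bcrypt with a cost that takes tens of milliseconds rather than a plain MD5/SHA-1 digest, and an authenticated mode (secretbox is XSalsa20-Poly1305) rather than raw AES-ECB/CBC, so a tampered ciphertext is rejected instead of decrypted to garbage.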
Insecure Communications
Web applications fail to encrypt network traffic when it is crucial to protect sensitive communications.
Solutions
Use SSL on any authenticated connection and whenever sensitive data is being passed. This involves configuring SSL for the web application properly, with a clear understanding of what it is meant to protect.
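Added example, not code from the slides, of what "SSL on any authenticated connection" means at the application layer: plain-HTTP requests are redirected before any form or session cookie is served, browsers are told to stay on HTTPS, and the session cookie is marked so it never travels in the clear. Plain PHP run early in the request; `SITE_HOST` is an assumed configured hostname. Joomla's own switch is Global Configuration > Server > Force HTTPS.

```php
<?php
// Added example, not code from the slides. Plain PHP, placed early in the
// request; SITE_HOST is an assumed configured value (do not take it from
// the Host header, which the client controls).
const SITE_HOST = 'www.example.com';

$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (int) ($_SERVER['SERVER_PORT'] ?? 0) === 443;

if (!$isHttps) {
    // Redirect any plain-HTTP request before a login form or a session
    // cookie is ever sent over the unencrypted connection.
    header('Location: https://' . SITE_HOST . ($_SERVER['REQUEST_URI'] ?? '/'), true, 301);
    exit;
}

// HSTS: the browser upgrades later http:// links to https:// itself, so the
// first request of a session no longer goes out in the clear.
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');

// The session cookie is sent only over TLS, is not readable by script, and
// is not attached to cross-site POSTs (array form requires PHP 7.3+).
session_set_cookie_params(array(
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => SITE_HOST,
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
));
session_start();
```

The `secure` flag is the piece most directly tied to the list in the authentication section: without it, a single `http://` link on the site is enough for the browser to send the session cookie unencrypted even after login happened over HTTPS.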
Failure to Restrict URL Access
Some applications protect important functionality only by not displaying its URLs to unauthorized users. Attackers exploit this by requesting those URLs directly and performing unauthorized operations.
Solutions
JoomiHide is a Joomla plugin that restricts article text to registered or unregistered users. Add the "reg" or "unreg" tags to the Joomla text/content; the text inside the "reg" tags is then displayed only to registered users, and the text inside the "unreg" tags only to guests. JUGA and noixACL are the best components for controlling what is offered to users on both the front end and the administrator control panel.
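Whatever extension hides the links, the check has to be repeated in the code that serves the URL, or requesting it directly still works. Added example, not code from the slides or from any of the extensions named above: a Joomla 3.x controller (`JControllerLegacy`, `JFactory`, `JUri`, `JRoute`, `JText`) whose task verifies the caller itself; `com_example`, `ExampleControllerReport` and the `core.manage` action are assumed names.

```php
<?php
// Added example, not code from the slides. Joomla 3.x API; com_example,
// ExampleControllerReport and the ACL action are assumed names.
defined('_JEXEC') or die;

class ExampleControllerReport extends JControllerLegacy
{
    // Hiding the menu item is not enough: the task itself checks the caller
    // on every request, so a directly typed URL gets the same answer.
    public function display($cachable = false, $urlparams = array())
    {
        $user = JFactory::getUser();

        // Guests are sent to the login form instead of being shown the report,
        // with the requested URL carried along so they come back afterwards.
        if ($user->guest) {
            $return = base64_encode(JUri::getInstance()->toString());
            $this->setRedirect(JRoute::_('index.php?option=com_users&view=login&return=' . $return, false));

            return $this;
        }

        // Being logged in is still not enough: the ACL action for this
        // component (declared in its access.xml) decides who may view it.
        if (!$user->authorise('core.manage', 'com_example')) {
            throw new Exception(JText::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        return parent::display($cachable, $urlparams);
    }
}
```

Joomla turns the 403 exception into its standard error page, and `JERROR_ALERTNOAUTHOR` is the core language string for it, so the response reveals nothing about what the report would have contained.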