Automated Joomla hack in the wild

One of my coworkers runs a Joomla based site for his Milsim Shop (wikipedia) and today he was faced with the following when opening his site:

Apparently it had been replaced with a defacement, like many others.

Seems to me that is that this is an automated attack exploiting vulnerable Joomla installs, where it exploits a security issue that allows for remote administrator password changes.

The issue was reported and fixed on the 12th of August 2008 when a new 1.5.6 release was made available. Joomla themselves has also been bit by this when a non-public development site was used to deface joomla.org itself.

So far it seems like all the attacker did was to change the administrator password and replace the template index.php file. I recovered the admin password my putting a raw md5sum of a known string manually into the MySQL database Joomla uses

Post metadata


Published August 27, 2008 13:10
0 comments

Tagged with , , and 


Quickies


Featured Post

Huge VMware ESX/ESXi 3.5 Update 2 Bug Discovered

VMware ESX/ESXi 3.5 Update 2 users around the globe are experiencing huge problems with their infrastructure. A bug in the latest version of the VMware enterprise virtualization software might render thousands, if not more, virtual machines unbootable….

read more

Featured Post

Gallery goes to Amsterdam

This weekend most of the Gallery developers and other team members were gathered in Amsterdam, Holland, for the yearly meetup….

read more

Other Content

del.icio.us

Random Images


Contact me

Lets talk!
Get in touch