Joomla! CMS Remote Code Execution Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Joomla! CMS affecting versions <=3.4.6.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 18 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Joomla! CMS is a widely-used content management system that allows users to build websites and web applications. It is popular among developers and businesses for its flexibility and ease of use, providing numerous templates and extensions. Joomla! is used by organizations of all sizes, from small businesses to large corporations, to manage their digital content. The software is open-source, enabling developers to contribute to its continuous development and improvement. Joomla! is known for its strong global community that offers support and updates. The platform is implemented in various projects such as e-commerce sites, government applications, and personal blogs.
The Remote Code Execution (RCE) vulnerability poses a significant threat because it allows attackers to execute arbitrary code on the affected system. In Joomla! CMS versions <=3.4.6, it arises from an unauthenticated PHP object injection flaw. Successful exploitation can result in complete control over the compromised server, which could then be used to launch further attacks. Attackers can bypass authentication measures and execute malicious scripts to alter, delete, or steal information. RCE vulnerabilities are critical because they give attackers direct access to system resources. Due to their nature, these vulnerabilities often require immediate remediation to prevent exploitation.
The vulnerability in Joomla! CMS lets attackers abuse an endpoint that processes unsanitized input during user authentication. The attack injects a serialized PHP object into the authentication routine; the object is then deserialized, leading to code execution. The vulnerable parameters belong to the user login feature, specifically the 'username' and 'password' fields. By sending crafted input, attackers can manipulate the backend database driver objects to execute unauthorized operations. Mounting this attack requires a detailed understanding of the PHP object injection mechanism. Exploitation depends on vulnerable Joomla! installations that lack sufficient validation of serialized input data.
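A defender-side check for the pattern described above, as an added example that is not part of the scanner or of Joomla!: it inspects a form-encoded login body and reports which of the 'username' and 'password' fields carry a PHP serialized-object token. The function names, the watched-field list and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# PHP serialize() writes objects as O:<len>:"<Class>":<count>:{ and
# Serializable objects as C:<len>:"<Class>":<len>:{ . A login field has no
# legitimate reason to carry either token.
PHP_OBJECT_TOKEN = re.compile(r'[OC]:\+?\d+:"[^"]+":\d+:\{')

# Field names taken from the page; adjust for customised login forms.
WATCHED_FIELDS = ("username", "password")


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded input is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_login_fields(body):
    """Return the sorted watched field names whose value holds an object token."""
    hits = set()
    for name, value in parse_qsl(body, keep_blank_values=True):
        base = name.split("[", 1)[0].lower()  # treat password[] like password
        if base in WATCHED_FIELDS and PHP_OBJECT_TOKEN.search(fully_decode(value)):
            hits.add(base)
    return sorted(hits)


# Constructed sample request bodies (not captured traffic).
SAMPLES = {
    "benign": "username=alice&password=S3cret%3A%22x%22&task=user.login",
    "object": "username=a&password=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D",
    "double": "username=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D&password=x",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, suspicious_login_fields(body))
```

A hit is grounds to reject and log the request; it complements, and does not replace, moving off the affected versions.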
If this vulnerability is exploited, attackers may gain unauthorized access to the Joomla! CMS instance, leading to data breaches or system compromise. The affected server could become part of a botnet used for distributed denial-of-service (DDoS) attacks. Confidential information, such as user data and business-critical files, might be exposed or stolen. Additionally, attackers could deface websites, install malware, or even hold the affected system hostage for ransom. The repercussions of exploiting this vulnerability extend to loss of business reputation, potential legal liabilities, and financial losses.