Backdoor in Joomla
The criminals must think about how to introduce the threats on web sites, without these being detected. The wit may be unthinkable but the last that has been detected has surprised many experts. And is that s -e has detected a back door in the image of the logo of Joomla, specifically in the EXIF data of the file.
It is a specification widely used especially in digital cameras, and serves to introduce metadata to the image files, like for example the date and time, the settings of the camera which has obtained image. the location,...
In addition, this code was encoded in base 64, allowing the hackers to be charged image by the php module for this, to carry out the execution of the hidden code in this field in the file. This is something relatively new, as in previous occasions, we have detected attempts to disguise the code malware in the interior of the image, by altering in any way the composition of the same. However, on this occasion has not been introduced in the interior of the image file, but in an additional field, intended to provide information about the image taken.
Without going more far, the virus Vawtrack was one of the first camouflage in the interior of a PNG image file.
Many experts have expected that from the CMS to add a little more light but this has not been the case.
This back door would have been introduced taking advantage of a vulnerability of Joomla
The expert to discover this back door still do not know for sure if it is a case of isolated or if there are more affected web sites that make use of this CMS.
Confirmation of this last, almost with total security, hackers have used a vulnerability in the web site, and below is where there are two possible alternatives: that the vulnerability still is not listed or patched or that it is patchy, and many users still have not installed the version that solves the problem. Although it may seem it is something quite common that not only happens in Joomla, also in WordPress and any content management system.
To know the scope of this event from the CMS should clarify what it is that has happened and if this is an isolated case in which it is clear a bad security settings.
Source: redeszone.net
This is not the first nor will it be the last, attentive users of Joomla.
Backdoor in Joomla
![]()
Reviewed by Unknown
on
2:21:00 AM
Rating: