Making Joomla Insecure - Explaining security by breaking it
This presentation covers some security tips on Joomla, by demonstrating common attacks and what you can do to prevent them.

Published in: Technology
Transcript

  • 1. Making Joomla! insecure
    Sydney JUG 09/08/2011
    Presented by Tim Plummer
    www.tamlyncreative.com.au/software
  • 2. Test scenario
    • Joomla 1.5.23 with com_hello (Hello World) component installed
    • http://joomlacode.org/gf/download/frsrelease/8111/29436/com_hello4_01.zip
  • 3. What version of Hello World are you running?
    • http://localhost/sydjug/administrator/components/com_hello/install.xml
  • 4. How to protect?
    • Password protect the administrator folder in cpanel
  • 5. How to password protect in cpanel?
    1. Create user
    2. Select user
    3. Password protect this directory
  • 6. So what web server & PHP version do you use?
    • Now let's look at http://localhost/sydjug/components/com_hello/models/
  • 7. How to protect?
    • Make sure every directory has an index.html file (or have a rule in your .htaccess to protect you)
  • 8. Path disclosure
    • So now let's take a look at
    • http://localhost/sydjug/components/com_hello/views/hello/view.html.php
  • 9. How to protect?
    • Make sure every PHP file checks for _JEXEC
    • <?php defined('_JEXEC') or die('Restricted access'); ?>
    • <?php defined('_JEXEC') or die(''); ?>
  • 10. SQL Injection
    • Let's add some vulnerabilities to com_weblinks
    • /components/com_weblinks/models/category.php
    • Before: $id = JRequest::getVar('id', 0, '', 'int');
      After:  $id = JRequest::getVar('id');
    • Before: $this->setId((int) $id);
      After:  $this->setId($id);
    • Before: ' WHERE catid = ' . (int) $this->_id . ' ...
      After:  ' WHERE catid = ' . $this->_id . ' ...
    • And delete return true; in _loadCategory()
    • Now we have a vulnerable site to play with ☺
  • 11. SQL injection
    • http://localhost/sydjug/index.php?option=com_weblinks&view=category&id=1+CENSORED_I'M_NOT_GOING_TO_SHOW_YOU_HOW_TO_DO_SQL_INJECTION
  • 12. How to protect
    • Never trust user input; always sanitize variables, for example by casting as int
    • (int) $catid
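The "Before" column on slide 10 casts the id three times: in the request filter, in setId() and again at the point of use. The following added example (written for this page, not code from the presentation or from Joomla) reproduces that layering as a standalone class so it can be run without a Joomla install. The class and function names are assumed; requestInt() imitates what JRequest::getVar('id', 0, '', 'int') does in Joomla 1.5.

```php
<?php
// Added example, not from the presentation or Joomla's own code.
// requestInt() stands in for JRequest::getVar($name, $default, '', 'int');
// CategoryModel is a cut-down stand-in for com_weblinks' category model.

// Layer 1: reduce the raw request value to an integer before the model
// ever sees it. PHP's (int) cast keeps only a leading number:
// "3 OR 1=1" -> 3, "3abc" -> 3, "abc" -> 0.
function requestInt(array $request, $name, $default = 0)
{
    if (!isset($request[$name])) {
        return $default;
    }
    return (int) $request[$name];
}

class CategoryModel
{
    private $_id = 0;

    // Layer 2: cast again on entry to the model, so the model stays safe
    // even if a caller skips the request filter (which is exactly what the
    // slide's "After" column removes).
    public function setId($id)
    {
        $this->_id = (int) $id;
    }

    // Layer 3: cast at the point of use, so the SQL can only ever contain
    // digits after "catid =". "#__" is Joomla's table-prefix placeholder.
    public function getQuery()
    {
        return 'SELECT * FROM #__weblinks WHERE catid = ' . (int) $this->_id
             . ' AND published = 1';
    }
}

// Constructed request values: one legitimate, two tampered, one missing.
$samples = [
    ['id' => '3'],
    ['id' => '3 OR 1=1'],
    ['id' => 'abc'],
    [],
];
foreach ($samples as $request) {
    $model = new CategoryModel();
    $model->setId(requestInt($request, 'id'));
    $shown = isset($request['id']) ? $request['id'] : '(absent)';
    printf("%-12s => %s\n", $shown, $model->getQuery());
}
```

Run it with `php example.php`; every tampered value collapses to a single integer in the query string. One caveat worth knowing: the cast coerces rather than rejects, so "3 OR 1=1" is served as category 3 without any error. If you would rather refuse malformed ids outright (and log them), test the raw value with ctype_digit() before casting.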
  • 13. LFI – Local File Inclusion
    • Let's add some vulnerable code to /components/com_weblinks/weblinks.php
    • This code is vulnerable to local file inclusion because the input is not sanitised.
  • 14. LFI – Local File Inclusion
    • http://localhost/sydjug/index.php?option=com_weblinks&controller=../../../tmp/test
    • Look, I'm executing code that I shouldn't be (I created a test.php file with phpinfo just to demonstrate)
  • 15. How to protect?
    • Use getWord instead of getVar
    • Check if the file exists
    • As you can see, by using the getWord function the controller variable will be sanitised, filtering out everything except letters and underscores. The file_exists check also helps to protect against remote file inclusion.
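To show what the two checks on slide 15 actually do to the traversal request from slide 14, here is an added example (written for this page, not the presentation's or Joomla's code). filterWord() imitates the 'word' filter behind JRequest::getWord() in Joomla 1.5, which strips everything except letters and underscores; resolveController() applies that filter plus file_exists(), and adds one guard the slide does not mention, a realpath() containment check, so the resolved file must sit under the component directory even if the filter were ever bypassed. The directory layout and function names are assumptions.

```php
<?php
// Added example, not from the presentation or Joomla's own code.

// Imitates JFilterInput's WORD filter: keep only letters and underscores.
// "../../../tmp/test" becomes "tmptest"; a null byte is dropped too.
function filterWord($value)
{
    return preg_replace('/[^A-Z_]/i', '', (string) $value);
}

// Map a request-supplied controller name to a file under $baseDir/controllers,
// or return null when it must not be loaded.
function resolveController($baseDir, $rawName)
{
    $name = filterWord($rawName);
    if ($name === '') {
        return null;
    }
    $candidate = $baseDir . DIRECTORY_SEPARATOR . 'controllers'
               . DIRECTORY_SEPARATOR . strtolower($name) . '.php';
    if (!file_exists($candidate)) {          // slide 15: check the file exists
        return null;
    }
    // Extra guard (assumed, beyond the slide): the resolved path must stay
    // inside the component directory.
    $real = realpath($candidate);
    $base = realpath($baseDir);
    if ($real === false || $base === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sandbox: a temporary component directory with one real controller.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'com_example_' . uniqid();
mkdir($base . DIRECTORY_SEPARATOR . 'controllers', 0700, true);
$stub = $base . DIRECTORY_SEPARATOR . 'controllers' . DIRECTORY_SEPARATOR . 'category.php';
file_put_contents($stub, "<?php // stub controller\n");

// Constructed request values: the legitimate name, the slide-14 traversal,
// a null-byte variant and a name with no matching file.
$requests = ['category', '../../../tmp/test', "category\0.txt", 'weblink'];
foreach ($requests as $raw) {
    $resolved = resolveController($base, $raw);
    printf("%-24s filtered to '%-12s' -> %s\n",
        addcslashes($raw, "\0"), filterWord($raw),
        $resolved === null ? 'rejected' : 'load ' . basename($resolved));
}

// Clean up the sandbox.
unlink($stub);
rmdir($base . DIRECTORY_SEPARATOR . 'controllers');
rmdir($base);
```

Only the filtered name is ever passed to file_exists(), so the null-byte variant never reaches the filesystem call. Note that the filter alone only reduces the traversal to a harmless word; it is the file_exists() test against a fixed directory that turns an unknown name into a refusal rather than an include of whatever happens to be on disk.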
  • 16. XSS - Cross-site scripting
    • http://jeffchannell.com/Joomla/joomla-jfilterinput-xss-bypass.html
  • 17. Other security tips
    • Always have good regular backups (I recommend Akeeba Backup)
    • Never use the default database prefix jos_ (use Admin Tools Core from Akeeba to change it)
  • 18. Other security tips
    • Always keep up with the current Joomla version (use Admin Tools Core to update)
    • Never use 777 file permissions (use Admin Tools Core "fix permissions")
    • Change the super admin user id from the default 62 (use Admin Tools Core "Super Administrator ID" to change it). It is also recommended to set user id 62's group to Registered and disable the user.
  • 19. Other security tips
    • Get a decent .htaccess file
    • http://docs.joomla.org/Htaccess_examples_%28security%29
    • Keep your extensions up to date (developers often release security fixes)
  • 20. Other security tips
    • Look at your website cpanel error logs/raw access logs (they are interesting and sometimes scary)
    • 77.221.130.18 - - [09/Aug/2011:08:54:59 +1000] "GET /index.php?option=com_myfiles&controller=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 404 613 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)"
    • 77.222.40.87 - - [09/Aug/2011:13:28:02 +1000] "GET //index.php?option=com_alphauserpoints&view=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 404 613 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"
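Reading raw access logs by eye does not scale, so here is an added example (written for this page, not code from the presentation or from cPanel) that parses combined-format log lines and flags the traversal probes shown on slide 20. The two suspicious lines are the slide's own; the third, benign line and the rule set are constructed for the example. The rule names and function names are assumptions.

```php
<?php
// Added example, not from the presentation. Parses Apache combined-format
// access-log lines and reports requests that look like LFI/traversal probes.

// Constructed rule set: each regex is tried against the raw request path
// and its URL-decoded form, so %2e%2e%2f-style encodings are caught too.
$rules = [
    'traversal'    => '#(\.\./){3,}#',          // three or more ../ segments
    'proc_environ' => '#/proc/self/environ#i',  // classic LFI target
    'null_byte'    => '#%00#',                  // null-byte truncation attempt
];

// Split one combined-format line into fields; null if the line does not parse.
function parseLogLine($line)
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+) "[^"]*" "([^"]*)"/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
            'path' => $m[4], 'status' => (int) $m[5], 'ua' => $m[7]];
}

// Return the names of every rule that fires for a request path.
function matchRules($path, array $rules)
{
    $hits = [];
    $decoded = rawurldecode($path);
    foreach ($rules as $name => $re) {
        if (preg_match($re, $path) || preg_match($re, $decoded)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Sample input: the two lines from slide 20 plus one constructed benign request.
$lines = [
    '77.221.130.18 - - [09/Aug/2011:08:54:59 +1000] "GET /index.php?option=com_myfiles&controller=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 404 613 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)"',
    '77.222.40.87 - - [09/Aug/2011:13:28:02 +1000] "GET //index.php?option=com_alphauserpoints&view=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 404 613 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"',
    '10.0.0.5 - - [09/Aug/2011:09:00:00 +1000] "GET /index.php?option=com_weblinks&view=category&id=1 HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
];

$perIp = [];
foreach ($lines as $line) {
    $entry = parseLogLine($line);
    if ($entry === null) {
        echo "unparsed: $line\n";
        continue;
    }
    $hits = matchRules($entry['path'], $rules);
    if ($hits) {
        // Record which component the probe targeted, from the option= parameter.
        $component = preg_match('/option=([a-z0-9_]+)/i', $entry['path'], $c) ? $c[1] : '?';
        printf("%-14s %s %d %-20s %s\n", $entry['ip'], $entry['time'],
               $entry['status'], $component, implode(',', $hits));
        $perIp[$entry['ip']] = ($perIp[$entry['ip']] ?? 0) + 1;
    }
}
echo "probes per source IP: " . json_encode($perIp) . "\n";
```

Both slide-20 lines trip all three rules and the benign request trips none. The 404 status only says that com_myfiles and com_alphauserpoints were not installed on this site; the same probe against a vulnerable extension would return 200, so alert on the request pattern rather than on the status code, and treat a source that probes several components in a row as worth blocking at the .htaccess or firewall level.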
  • 21. Other security tips
    • Set error reporting to "none" in your global config
    • Be careful which file extension types you allow in the media manager
  • 22. Other security tips
    • Disable unused core extensions; that way, if a vulnerability is identified in the future in, say, com_banners, your site won't be at risk
  • 23. Lessons
    • Many extension development tutorials have security vulnerabilities in them.
    • It only takes one insecure extension to make your site vulnerable.
    • Security is an ongoing exercise; it's not just something you do when you initially set up your site.
