Linux Today: Linux News On Internet Time.

Hacking Joomla! -- the fast and easy way

Aug 27, 2011, 18:00 (0 Talkback[s])

[ Thanks to An Anonymous Reader for this link. ]

"Popular open source Content Management Systems (CMSs) like Drupal, Joomla! and WordPress, are regularly subject to source code reviews as well as blackbox pentesting. Thus, vulnerabilities in these systems are quickly identified and fixed. And security updates are frequently released. Unfortunately, people tend to install the base CMS, add plugins, build their website and then never upgrade when security patches are available. Furthermore, third party developed plugins usually extend the offender's attack surface and expose the CMS-based website to new threats.

"During pentests, and facing a CMS based website, I often look for open source security tools that are targeted specifically at the CMS in question. These tools usually excel at fingerprinting the CMS version used by the target, detecting installed plugins/themes, and identifying corresponding vulnerabilities. "

Complete Story

Related Stories: