Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain full administrative access to any vulnerable Joomla site.
Joomla had a 6.6 percent share of the market for website CMSs as of October 20, 2015 according to W3Techs—second only to WordPress. Internet services company BuiltWith estimates that as many as 2.8 million websites worldwide use Joomla.
Ciptor recommends that you upgrade immediately to Joomla 3.4.5. Please note that this vulnerability is only exploitable while an administrator is logged into the site. If you must delay your upgrade, log out of any administrator accounts not in use. In addition, if you must log in as administrator, do so for only short periods of time.
The vulnerability can be exploited in Joomla versions 3.2 (released in November 2013) through version 3.4.4.
Because the vulnerability is found in a core module that doesn't require any extensions, all websites that use Joomla versions 3.2 and above are vulnerable.
Trustwave WAF's "Blind SQL Injection" rule detects this attack provided the rule is enabled. A dedicated, fine-tuned rule will be issued in an upcoming signature update (CorSigs 4.39).
If it's enabled, ModSecurity Commercial Rule Set rule 95007 blocks attempts to exploit this vulnerability. For Commercial Rule Set customers, a virtual patch will also be issued soon.
At Ciptor Benelux we believe that Greenradius in combination with 2-Factor Authentication (2FA) is a more secure way to connect to resources than a simple username and password. With 2FA, users log in with a username, something they know (a password or PIN), and something they have (a security token, a phone authentication app, etc.).
Usernames and PINs/passwords alone to log in to a network, resource, or application are vulnerable to many different kinds of attacks. These include malware and phishing. There is also danger using a public, unsecured network, such as at a library, coffee shop, or airport. Additionally, users tend to create passwords that they can remember easily. These can easily be guessed or cracked.
With 2FA, there is another layer of security attackers must overcome. And with GreenRADIUS, our team of industry-leading security architects and developers sets the standard for secure access.
GreenRADIUS supports a variety of 2FA hard and soft tokens to accommodate the broadest possible set of use cases. Whether your users are authenticating from mobile devices or traditional computing platforms, GreenRADIUS either resells or partners with providers of secure and affordable authentication methods. In addition, count on Green Rocket Security to be an active participant in relevant industry dialogues, and initiatives that enhance security and usability of two-factor authentication solutions.
We are proud to help Benelux customers with the intergation of realtime protection with the Ciptor Greenradius service.