Joomla Security – Top 10 tips to secure your website

Tutorial

You might be familiar with Joomla!, a free and open-source content management system (CMS) for publishing web content. Joomla has won several awards for its excellence. It is built on a model–view–controller web application framework that can be used independently of the CMS and that allows you to build powerful online applications. The … Read more

SQL Injection Vulnerability com_fields in Joomla 3.7

The vulnerability is caused by a new component, com_fields, which was introduced in Joomla version 3.7. If you use this version, you are affected and should update as soon as possible. This vulnerable component is publicly accessible, which means this issue can be exploited by any malicious individual visiting your site. Given the nature of … Read more

Malicious redirects generated with mod_update.php to WordPress or Joomla .htaccess file

Sometimes you might notice in your web browser's status bar that a foreign website is attempting to load content on your website, or you might notice a browser warning. These can be common signs of a .htaccess hack; you might also notice that you've fallen in search engine rankings. The typical reason for this is … Read more

Joomla – Account Creation & Elevated Privileges

Introduction

Joomla published version 3.6.4, an update to patch security issues:

– [CVE-2016-8870] – Core – Account Creation (High Priority): attackers can exploit this vulnerability to create any account in a Joomla system regardless of whether its registration has been disabled. (affecting Joomla! 3.4.4 through 3.6.3)
– [CVE-2016-8869] – Core – Elevated Privileges (High Priority): … Read more

PHP_SESSION_PHP

We found an old cookie-based (PHP_SESSION_PHP) hidden redirect in Joomla. These two modified files were found when we searched the files: The normal part of these files looks like this: But then the malware begins (SECOND PART), so the rest of the file: Different URLs were also found: Decoded, these are: Here is a list of websites that set the PHP_SESSION_PHP cookie: https://webcookies.org/cookie/http/PHP_SESSION_PHP/41265 You can manually clean … Read more