In December 2015, attackers began actively exploiting a new critical Joomla remote code execution (RCE) vulnerability. The vulnerability allows PHP object injection attacks that lead to full remote command execution. Joomla versions 1.5 to 3.4.5 are affected and are therefore susceptible to this attack. A modified payload of the attack, sent from an IP address in Ukraine, is shown below.
Is your website vulnerable to this kind of attack? If you are a Joomla user, immediately check which Joomla version your website is running to see whether it is up to date. Joomla released version 3.4.6 to fix the vulnerability. The latest Joomla release is version 3.4.8, released on December 24, 2015. Its End of Life (EOL) will come with the release of the next version, 3.5, in the first quarter of this year. Non-Joomla users are not vulnerable; however, it is still best to keep your plugins and systems updated and to maintain other necessary security measures to prevent any compromise.
How do you know if you are being attacked? Check your logs for terms like “JDatabaseDriverMysqli”. Pandora Security Labs, through WebRanger, is able to detect and block this kind of attack. To keep your websites protected even from future attacks and new vulnerabilities such as these, WebRanger provides proactive and effective web application security that keeps your websites protected 24/7. Visit WebRanger’s website to learn how it actively protects your website.
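
One way to run the log check described above, as an added example that is not part of the original post. It assumes access logs in the Apache/Nginx "combined" format; the log lines and addresses are constructed, and `scan` and `normalise` are hypothetical helper names.

```python
import re
from urllib.parse import unquote

# Marker named in the post; add further terms to the tuple as needed.
MARKERS = ("jdatabasedrivermysqli",)

# Assumed "combined" access-log format; quoted fields may hold escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q)
FIELDS = ("ip", "ts", "request", "referer", "agent")

def normalise(value):
    """Undo up to two layers of percent-encoding and lowercase the result."""
    return unquote(unquote(value)).lower()

def scan(lines):
    """Group marker hits by client IP: hit count, fields hit, first/last time."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        # Unparsed lines are still searched as a whole under the name "raw".
        rec = dict(zip(FIELDS, m.groups())) if m else {"raw": line}
        hit = {k for k, v in rec.items() if k not in ("ip", "ts")
               and any(mk in normalise(v) for mk in MARKERS)}
        if not hit:
            continue
        ip, ts = rec.get("ip", "unknown"), rec.get("ts", "unknown")
        entry = report.setdefault(
            ip, {"hits": 0, "fields": set(), "first": ts, "last": ts})
        entry["hits"] += 1
        entry["fields"] |= hit
        entry["last"] = ts
    return report

# Constructed sample lines (documentation IP ranges, placeholder header text).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2015:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Dec/2015:10:01:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "x JDatabaseDriverMysqli [placeholder]"',
    '203.0.113.7 - - [15/Dec/2015:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "x JDatabaseDriverMysqli [placeholder]"',
    '198.51.100.4 - - [15/Dec/2015:10:03:00 +0000] "GET /?q=JDatabase%44riverMysqli HTTP/1.1" 200 512 "-" "curl/7.40"',
]

if __name__ == "__main__":
    for ip, e in scan(SAMPLE_LOG).items():
        print(ip, e["hits"], sorted(e["fields"]), e["first"], e["last"])
```

A match only appears if the log format records the field that carried the string, so request headers that are not logged stay invisible to this check.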
The other high-severity Joomla vulnerability discussed in 2015 was the SQL injection vulnerability resulting in full administrative access. It is the result of inadequate filtering of the request data. This vulnerability was fixed in Joomla version 3.4.5.