A Different Kind of POP: The Joomla Unserialize Vulnerability
The recent Joomla security issue is a critical vulnerability that allows unauthenticated remote code execution (RCE) on vulnerable websites. The vulnerability is reachable through the User-Agent HTTP header, which can be exploited to execute arbitrary PHP code on the server hosting the website. Attackers are using it to upload and execute malicious PHP files, often disguised as legitimate files such as "ajax.php". These files act as a backdoor, giving the attacker full control over the affected website. The exploit is being actively used in the wild, with numerous attempts observed by security researchers.

The issue was patched in Joomla 3.9.2 and later versions. However, many websites remain vulnerable due to outdated software or improper configurations. Website administrators should update their Joomla installations to the latest version as soon as possible to mitigate this vulnerability. In addition to updating the software, it is recommended to deploy a Web Application Firewall (WAF) that can detect and block exploit attempts targeting this vulnerability, as an additional layer of protection against potential attacks.
Company: Cloudflare
Date published: Dec. 17, 2015
Author(s): Pasha Kravtsov
Word count: 1374
Language: English
Hacker News points: None found.