Critical Vulnerability in Joomla 2.5 - 3.3x (CVE-2014-7228)

Blog Categories

Basket of services

Company news

Thursday, 24 December 2015: Merry Christmas and Happy New Year!
Monday, 20 April 2015: Accepting payments through payment system Webmoney and Z-Payment restored
Saturday, 18 April 2015: Unavailable accepting payments via Webmoney and Z-Payment
Thursday, 05 March 2015: To order new services are available - DNS hosting and secondary DNS server
Wednesday, 25 February 2015: Added new ways to pay for services

Recent blog posts

Critical Vulnerability in Joomla 2.5 - 3.3x (CVE-2014-7228)

Wednesday, 01 April 2015 21:53

Network Security

September 30, 2014 it became known about the vulnerability in the software company Akeeba. The vulnerability allows remote upload shell, with no rights in the system. Are affected as the products themselves Akeeba: Akeeba Backup, Akeeba Solo, Akeeba CMS Update, Akeeba Admin Tools, and WARNING: all versions of Joomla 2.5 to version 2.5.27, and 3 to version 3.3.5.

The fact that the standard Joomla component updates using scripts of Akeeba. And Akeeba Joomla and released their updates, covering this vulnerability, but they did not consider it a critical vulnerability, and so many people do not pay much attention to it.

Indeed, a hacker could exploit this vulnerability only when you make a backup copy of your site, or are upgrading the site. That is, it is only a few seconds of which the hacker must still somehow and learn.

How does this work:

Error allows an attack is in the file restore.php, which in Joomla is located at administrator/components/com_joomlaupdate/restore.php. When you are upgrading for example, the next to the file to a temporary file is created more restoration.php, which is automatically deleted upon completion of the update. While restoration.php file exists, an attacker can send a special request to the file restore.php and pour on your site anything. Time has very little, as the update takes a few seconds. That is why no reference to the vulnerability did not attach.

But there is one big BUT. If in the process of updating the error occurred (which is quite often the case), then the file is not deleted restoration.php, and continues to be next to the file restore.php. And your site turns into a full screen, an attacker can now fill the shell anytime.

To fix vulnerabilities enough to update Joomla and components from Akeeba to the latest version. Before you upgrade, we recommend that you look into the folder administrator / components / com_joomlaupdate / and see if there is a file restoration.php. If it is, then it is possible that your site is already hacked.

If the update for some reason can not be performed, then to correct this vulnerability is sufficient to replace the file restore.php to the new version, where the vulnerability is closed. You can download this file is there.

If you need help - you can always contact our specialists.

Tagged under:

Read: 4055 times