Critical Vulnerability in Joomla Allows Hacker to Gain Admin Access - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner


Critical Vulnerability in Joomla Allows Hacker to Gain Admin Access

Critical security vulnerability found in most popular e-commerce extension "VirtueMart" for the Joomla, it is discovered by  Security researchers at Sucuri. This vulnerability could be used by a malicious user to easily gain Super-Admin privileges on your website. With super-admin access, the attacker has full control of the site and database.

If you have Joomla based website running the VirtueMart version <2.6.8c and allowing user registration, are at risk of a total website takeover. A successful exploit would allow an attacker to become a Super-Administrator and do anything they want, this could include uploading backdoors to your server, running spam campaigns, or distributing malware to your visitors.

VirtueMart uses Joomla’s JUser class “bind” and “save” methods to handle user accounts information. That’s not a problem in it of itself, but this class is very tricky and easy to make mistakes with.

The bind method roughly does the same thing as PHP’s array_merge function, except for a few points such as live password encryption and the fact that it operates on a class rather than an array.
This extension pass the $data variable (which, at this point in execution, contains the whole $_POST array) directly to the bind() call. While it is an effective way to save/modify user informations, not whitelisting what parameters should be modified is a very bad idea. It basically allows anybody to modify every single variables within JUser’s class scope!

Using this dangerous behaviour, an attacker could modify JUser’s $isRoot, $groups and $_authGroups variables to add their account to the Super-Administrator group, thus giving them full privileges over the target website / environment.

This bug was discovered and disclosed last week and immediately patched by the VirtueMart team. They also released the update 2.6.8c to fix this issue.

Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter