Joomla Web Application Development Vulnerabilities


What is Joomla?
Joomla is a free and open source content management system (CMS) used to publish content on the web. It is written in PHP, uses object-oriented programming techniques and software design patterns, stores its data in a MySQL database and includes a model-view-controller (MVC) web application framework.

Joomla's features include page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search and support for international languages.

Model-View-Controller
Model-View-Controller (MVC) is a software design pattern organizing the code in such a way that the business logic and data presentation are separate.

Model
The model is the part of the component that encapsulates the application data, managing and manipulating it in a meaningful way. It contains the methods to add, remove and update information in the database.

View
The view is the part of the component that renders the data from the model in a form suitable for interaction. The view retrieves the data from the model and feeds it into the template, which is presented to the user.

Controller
The controller is responsible for responding to user actions (page requests). It determines what request the user has made and responds appropriately by activating the model to manipulate the data and passing the model to the view.

Cross Site Scripting (XSS)
XSS flaws occur when an application takes user-supplied data and sends it to the web browser without validating or encoding the content. This lets attackers execute script in the victim's browser to hijack user sessions, deface web sites, introduce worms, and so on.
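
Added example, not part of the original article: the unencoded output beside its encoded form in a Joomla 1.5-style view template. It assumes the Joomla 1.5 JView API; $this->search, $this->items and com_example are made-up names.

```php
<?php
// Added example, not from the original article. A component view template
// (tmpl/default.php). Assumes the Joomla 1.5 JView API; $this->search,
// $this->items and com_example are made-up names.
defined('_JEXEC') or die('Restricted access');

// VULNERABLE (kept as a comment so this template stays safe): the search
// term is written into the page unencoded, so a term containing markup or
// a <script> element runs in the browser of everyone who loads the page.
//   echo $this->search;
?>

<?php // HARDENED, HTML text context: JView::escape() applies htmlspecialchars(). ?>
<p>Results for: <?php echo $this->escape($this->search); ?></p>

<ul>
<?php foreach ($this->items as $item) : ?>
  <?php
  // HTML attribute context: ENT_QUOTES so neither " nor ' can close the
  // attribute early. URL context: urlencode() so the term cannot add query
  // parameters or break out of the href; the finished URL is then
  // attribute-encoded because it lands inside a quoted attribute.
  $title = htmlspecialchars($item->title, ENT_QUOTES, 'UTF-8');
  $href  = 'index.php?option=com_example&view=item&id=' . (int) $item->id
         . '&q=' . urlencode($this->search);
  ?>
  <li>
    <a href="<?php echo htmlspecialchars($href, ENT_QUOTES, 'UTF-8'); ?>"
       title="<?php echo $title; ?>"><?php echo $title; ?></a>
  </li>
<?php endforeach; ?>
</ul>
```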

Injection Flaws
The best-known form is SQL injection, which is common in web applications. Injection happens when user-supplied data is sent to an interpreter as part of a command or query.

Solutions

  • Write SQL safe queries
  • Write SQL-safe LIKE string comparison queries
  • Using the token
  • Making the filename safe
  • Making the directory path safe
  • Making the path safe
  • Safely retrieving request data
  • Getting the value from array
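
Added example, not part of the original article: a component model method that applies the query, request-data and array-value items of the checklist above. It assumes the Joomla 1.5 API (JModel, JRequest, JFactory, JArrayHelper); com_example and #__example_items are made-up names.

```php
<?php
// Added example, not from the original article: a component model method that
// applies the checklist above. Assumes the Joomla 1.5 API (JModel, JRequest,
// JFactory, JArrayHelper); com_example and #__example_items are made-up names.
defined('_JEXEC') or die('Restricted access');

class ExampleModelItems extends JModel
{
    // VULNERABLE: raw request values interpolated into the SQL string, so
    // both the category filter and the LIKE pattern are attacker-controlled.
    public function getItemsUnsafe()
    {
        $db = JFactory::getDBO();
        $db->setQuery("SELECT * FROM #__example_items WHERE catid = "
            . $_REQUEST['catid'] . " AND title LIKE '%" . $_REQUEST['q'] . "%'");
        return $db->loadObjectList();
    }

    // HARDENED: typed request accessors, quoted values, escaped LIKE pattern.
    public function getItems()
    {
        $db = JFactory::getDBO();

        // Safely retrieving request data: JRequest casts to the requested
        // type, so catid can only ever be an integer and q a filtered string.
        $catid = JRequest::getInt('catid', 0);
        $q     = JRequest::getString('q', '');

        // Getting a value from an array: a default and a type filter for data
        // that did not arrive through JRequest (model state is assumed here).
        $options = (array) $this->getState('options');
        $limit   = JArrayHelper::getValue($options, 'limit', 20, 'int');

        // SQL-safe query: identifiers via nameQuote(), values cast or quoted.
        $query = 'SELECT id, title FROM ' . $db->nameQuote('#__example_items')
               . ' WHERE catid = ' . (int) $catid;

        if ($q !== '') {
            // SQL-safe LIKE: getEscaped($text, true) also escapes % and _, so
            // the user cannot inject wildcards; Quote($pattern, false) wraps
            // the already-escaped pattern without escaping it a second time.
            $pattern = '%' . $db->getEscaped($q, true) . '%';
            $query  .= ' AND title LIKE ' . $db->Quote($pattern, false);
        }
        $query .= ' ORDER BY title LIMIT ' . (int) $limit;

        $db->setQuery($query);
        return $db->loadObjectList();
    }
}
```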

Malicious File Execution
Code vulnerable to remote file inclusion (RFI) lets attackers include hostile code and data, resulting in devastating attacks. Malicious file execution affects PHP, XML and any framework that accepts filenames or files from the user.

Solutions
This has to be prevented at the design stage. If that stage is already complete, extra precautions need to be taken.
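
Added example, not part of the original article: the include pattern this section warns about beside a design-stage fix, plus the "safe filename / directory / path" helpers from the injection checklist above as the extra precaution. It assumes the Joomla 1.5 API (JRequest, JFile, JFolder, JPath, JError); com_example and its layout names are made-up.

```php
<?php
// Added example, not from the original article: the include pattern this
// section warns about, beside a design that only loads files from a fixed
// allow-list, plus the path-sanitising helpers from the injection checklist.
// Assumes the Joomla 1.5 API (JRequest, JFile, JFolder, JPath, JError);
// com_example and its layouts are made-up names.
defined('_JEXEC') or die('Restricted access');

// VULNERABLE: the request value is used directly as an include path. With
// allow_url_include enabled, or a traversal sequence, the requester decides
// which code runs.
function renderLayoutUnsafe()
{
    include $_GET['layout'] . '.php';
}

// HARDENED 1 (design-stage fix): user input never names a file; it only
// selects an entry from a map the developer controls.
function renderLayout()
{
    $layouts = array('default' => 'default.php', 'compact' => 'compact.php');
    $key = JRequest::getCmd('layout', 'default');   // 'cmd' filter keeps [A-Za-z0-9_.-] only
    if (!isset($layouts[$key])) {
        $key = 'default';
    }
    include dirname(__FILE__) . DS . 'tmpl' . DS . $layouts[$key];
}

// HARDENED 2 (extra precaution when a user-chosen name cannot be designed
// away, e.g. a download feature): sanitise each part and confine the result
// to one base directory.
function resolveUserPath($dirName, $fileName)
{
    $base = JPath::clean(JPATH_SITE . DS . 'media' . DS . 'com_example');
    $dir  = JFolder::makeSafe($dirName);   // drops anything outside [A-Za-z0-9:_\/-]
    $file = JFile::makeSafe($fileName);    // drops path separators and '..' runs
    $path = JPath::clean($base . DS . $dir . DS . $file);

    JPath::check($path);   // errors on '..' or a path outside JPATH_ROOT
    if (strpos($path, $base . DS) !== 0) {
        JError::raiseError(403, 'Requested file is outside the media directory');
    }
    return $path;
}
```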

Insecure Direct Object Reference
This occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record or key, as a URL or form parameter. Attackers manipulate those references to access data without authorization.

Solutions
Use indirect reference maps. Avoid exposing private data to users. If a direct reference must be used, validate that the user is authorized to access the referenced object.
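
Added example, not part of the original article: the two controls named above, an authorization check on a direct reference and an indirect reference map held in the session. It assumes the Joomla 1.5 API (JFactory, JRequest, JSession, JError); #__example_invoices, its user_id column and com_example are made-up names.

```php
<?php
// Added example, not from the original article. Assumes the Joomla 1.5 API
// (JFactory, JRequest, JSession, JError); #__example_invoices, its user_id
// column and com_example are made-up names.
defined('_JEXEC') or die('Restricted access');

// VULNERABLE: the id from the URL is trusted, so any logged-in user reads
// any invoice by changing ?id=.
function getInvoiceUnsafe()
{
    $db = JFactory::getDBO();
    $db->setQuery('SELECT * FROM #__example_invoices WHERE id = ' . JRequest::getInt('id'));
    return $db->loadObject();
}

// HARDENED 1 (direct reference + validation): ownership is part of the query,
// so a foreign id returns nothing, and missing and foreign ids look the same.
function getInvoice()
{
    $user = JFactory::getUser();
    if ($user->get('guest')) {
        JError::raiseError(403, 'Login required');
    }
    $db = JFactory::getDBO();
    $db->setQuery('SELECT * FROM #__example_invoices'
        . ' WHERE id = ' . JRequest::getInt('id')
        . ' AND user_id = ' . (int) $user->get('id'));
    $row = $db->loadObject();
    if (!$row) {
        JError::raiseError(404, 'Not found');
    }
    return $row;
}

// HARDENED 2 (indirect reference map): the page exposes only per-session
// positions; the real database ids never leave the server.
function storeInvoiceRefMap(array $ownedInvoiceIds)
{
    $map = array_values(array_map('intval', $ownedInvoiceIds));   // 0..n-1 => real id
    JFactory::getSession()->set('invoice_refmap', $map, 'com_example');
    return $map;
}

function resolveInvoiceRef($ref)
{
    $map = JFactory::getSession()->get('invoice_refmap', array(), 'com_example');
    if (!isset($map[(int) $ref])) {
        JError::raiseError(404, 'Not found');   // handle was never issued to this session
    }
    return $map[(int) $ref];   // real id, an int, safe to use in SQL
}
```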

Cross Site Request Forgery (CSRF)
A CSRF attack works by sending a pre-authenticated request from the user's browser to a vulnerable web application, which then performs a hostile action for the attacker's benefit.

Solutions
Insert a random string (the token) into each POST form and each GET query string that can modify something in the Joomla system. The Joomla framework provides this protection for the target site.
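
Added example, not part of the original article: the token on both sides of a Joomla request, in the form and link that send it and in the controller tasks that check it. It assumes the Joomla 1.5 API (JHTML, JUtility, JRequest, JRoute, JController); com_example, its tasks and $item are made-up, and template and controller are shown in one file only for brevity.

```php
<?php
// Added example, not from the original article. Assumes the Joomla 1.5 API
// (JHTML, JUtility, JRequest, JRoute, JController); com_example, its tasks and
// $item are made-up. Template and controller would live in separate files.
defined('_JEXEC') or die('Restricted access');

// --- View template: every state-changing POST form carries the token.
// JHTML::_('form.token') renders a hidden input whose *name* is the random
// per-session token and whose value is 1.
?>
<form action="<?php echo JRoute::_('index.php?option=com_example'); ?>" method="post">
  <input type="text" name="title" />
  <input type="hidden" name="task" value="save" />
  <?php echo JHTML::_('form.token'); ?>
  <button type="submit">Save</button>
</form>

<?php
// A GET link that changes state carries the same token in its query string.
$deleteUrl = JRoute::_('index.php?option=com_example&task=delete&id=' . (int) $item->id
    . '&' . JUtility::getToken() . '=1');
?>
<a href="<?php echo htmlspecialchars($deleteUrl, ENT_QUOTES, 'UTF-8'); ?>">Delete</a>

<?php
// --- Controller: a forged request from another site cannot know the token,
// so every task that changes data checks it before doing anything else.
class ExampleController extends JController
{
    public function save()
    {
        JRequest::checkToken() or jexit('Invalid Token');        // looks in POST
        $title = JRequest::getString('title', '', 'post');
        // ... store $title for the current user ...
        $this->setRedirect('index.php?option=com_example', 'Saved');
    }

    public function delete()
    {
        JRequest::checkToken('get') or jexit('Invalid Token');   // looks in GET
        $id = JRequest::getInt('id', 0, 'get');
        // ... delete record $id after checking it belongs to the current user ...
        $this->setRedirect('index.php?option=com_example', 'Deleted');
    }
}
```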

Information Leakage and Improper Error Handling
Applications sometimes leak information about their configuration, internal workings and private data through various issues. Attackers use such leaks to steal sensitive data or to mount more serious attacks.

Solutions

  • Do not show stack traces to users
  • Do not show SQL errors to users
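
Added example, not part of the original article: handling a failed query without echoing the database error to the visitor. It assumes the Joomla 1.5 JDatabase API (getErrorNum, getErrorMsg) and JError; com_example is a made-up name.

```php
<?php
// Added example, not from the original article. Assumes the Joomla 1.5
// JDatabase API (getErrorNum, getErrorMsg) and JError; com_example is made-up.
defined('_JEXEC') or die('Restricted access');

// VULNERABLE: the database error text, which quotes the failed SQL, table
// names and often the offending input, goes straight to the browser.
function loadRowsUnsafe($db, $query)
{
    $db->setQuery($query);
    $rows = $db->loadObjectList();
    if ($db->getErrorNum()) {
        echo $db->getErrorMsg();
    }
    return $rows;
}

// HARDENED: the detail goes to the server log for the administrator; the
// visitor gets a generic message that reveals nothing about the internals.
function loadRows($db, $query)
{
    $db->setQuery($query);
    $rows = $db->loadObjectList();
    if ($db->getErrorNum()) {
        error_log('com_example: query failed: ' . $db->getErrorMsg());
        JError::raiseError(500, 'The request could not be completed.');
    }
    return $rows;
}

// Production PHP settings that keep stack traces and notices off the page
// (assumed deployment; set in php.ini or .htaccess for the site):
//   display_errors = Off
//   log_errors     = On
//   error_log      = /path/outside/webroot/php-error.log
```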

Broken Authentication and Session Management
Account details and session tokens are often not properly protected, and attackers steal passwords, keys or authentication tokens to assume other users' identities.

Solutions
To prevent these types of vulnerabilities, first ensure that SSL is used for all authenticated parts of the application, and verify that all credentials are stored in hashed form. Also consider the following:

  • Use the native session management mechanism. Don't write your own session handlers.
  • Use a single authentication mechanism.
  • Don't allow login from an unencrypted page.
  • Once the user validates, provide a new session cookie and invalidate the previous one.
  • Make sure that every page of the application has a logout link.
  • Verify the user's old password before setting a new one.
  • Don't send credentials (including the user name) through insecure channels.
  • Don't expose session ids, such as the session token, in the URL.
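
Added example, not part of the original article: a login handler and a password-change handler that follow the list above. It assumes the Joomla 1.5 API (JURI, JRequest, JFactory, JSession, JError); verifyCredentials() and savePasswordHash() are assumed helpers, not framework functions.

```php
<?php
// Added example, not from the original article. Assumes the Joomla 1.5 API
// (JURI, JRequest, JFactory, JSession, JError); verifyCredentials() and
// savePasswordHash() are assumed helpers, not framework functions.
defined('_JEXEC') or die('Restricted access');

function handleLogin()
{
    // Don't accept credentials from an unencrypted page: the form and its
    // POST must both be on HTTPS or the password crosses the wire in clear.
    if (!JURI::getInstance()->isSSL()) {
        JError::raiseError(403, 'Login is only available over HTTPS');
    }
    $username = JRequest::getString('username', '', 'post');
    $password = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);

    $userId = verifyCredentials($username, $password);   // assumed helper: id or false
    if ($userId === false) {
        return false;   // one generic failure for unknown user and wrong password
    }

    // Once the user validates, issue a new session id and retire the old one,
    // so an id set or observed before login (session fixation) is worthless.
    $session = JFactory::getSession();
    $session->fork();
    $session->set('user_id', $userId);
    return true;
}

function changePassword($userId, $oldPassword, $newPassword)
{
    // Verify the old password before setting a new one, so a hijacked session
    // alone cannot lock the real owner out.
    $username = JFactory::getUser($userId)->get('username');
    if (verifyCredentials($username, $oldPassword) === false) {
        return false;
    }
    savePasswordHash($userId, $newPassword);   // assumed helper; stores a hash, never the password
    return true;
}

// Session cookie settings that keep the id out of URLs and off plain HTTP
// (php.ini for the site; assumed deployment):
//   session.use_only_cookies = 1
//   session.use_trans_sid    = 0
//   session.cookie_httponly  = 1
//   session.cookie_secure    = 1
```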

Insecure Cryptographic Storage
Applications rarely use cryptographic functions properly to protect data and credentials. Attackers use the unprotected data to conduct identity theft and other crimes such as credit card fraud.

Solutions
Sensitive data that must be encrypted includes:

  • Credit Cards
  • User Names
  • Passwords
  • User data

Make sure that the stored data is not easy to decrypt. Don't use weak algorithms. If asymmetric encryption is used, store the private keys carefully.
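
Added example, not part of the original article: storing the two kinds of data the list above names, passwords (hashed) and card numbers (encrypted so they can be read back). It is plain PHP rather than a Joomla framework routine (password_hash() needs PHP 5.5 or later, AES-GCM in openssl_encrypt() needs PHP 7.1 or later); loadDataKey() is an assumed helper that reads the key from a file outside the web root.

```php
<?php
// Added example, not from the original article; plain PHP, not a Joomla
// framework routine. loadDataKey() is an assumed helper that returns 32 random
// bytes read from a file outside the web root (never from the database).

// Passwords are never encrypted, only hashed with a slow, salted algorithm.
// password_hash() embeds algorithm, cost and a random salt in its output;
// unsalted md5()/sha1() are the "weak algorithms" to avoid.
function storePassword($plain)
{
    return password_hash($plain, PASSWORD_DEFAULT);   // bcrypt, e.g. "$2y$10$..."
}

function checkPassword($plain, $storedHash)
{
    return password_verify($plain, $storedHash);      // constant-time compare
}

// Card numbers and other data that must be read back: authenticated
// symmetric encryption (AES-256-GCM) with a per-record nonce. A dumped table
// is useless without the key, and any tampering fails the tag check.
function encryptField($plaintext)
{
    $key = loadDataKey();                // assumed helper: 32 random bytes
    $iv  = random_bytes(12);             // fresh 96-bit nonce for every record
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);           // one string to store
}

function decryptField($stored)
{
    $key = loadDataKey();
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('stored value is malformed');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('decryption failed: wrong key or tampered data');
    }
    return $pt;
}
```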

Insecure Communications
Web applications often fail to encrypt network traffic when it is crucial to protect sensitive communications.

Solutions
Use SSL on any authenticated connection and whenever sensitive data is passed. There are different ways to configure SSL for web applications; understand and analyse the purpose properly before choosing one.

Failure to Restrict URL Access
Some applications protect important functionality only by not displaying its URLs to unauthorized users. Attackers exploit this by accessing the URLs directly and performing unauthorized operations.

Solutions
Use a Joomla plugin that restricts an article to registered or unregistered users. Just add the "reg" or "unreg" tags to the Joomla text/content: text within "reg" tags is displayed only to registered users and text within "unreg" tags only to guests. JUGA and noixACL are the best components for controlling what is offered to users on both the front end and the administrator control panel.
