Support

Admin Tools

#40676 Do you know JoomSploit, a script, on Git, to hack Joomla?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4
PHP version
7 8
Admin Tools version
last

Latest post by nicholas on Monday, 06 May 2024 02:31 CDT

Saturday, 04 May 2024 07:32 CDT

Cyril22

Hello,

  I wanted to inform you of a hacking script available on GitHub.
https://github.com/nowak0x01/JoomSploit
This script allows you to hack Joomla sites in just a few minutes.

I was wondering if Admin Tools could counter this kind of script; And I also think that

it would be interesting for you to know and study the hacking techniques of this script.

I would like to have your opinion because if I publish this information in the community, I would have liked to inform Joomla users that your component was a solution to protect themselves.

Waiting for your response,
I wish you a good day.



Saturday, 04 May 2024 07:33 CDT

System Task
system
The ticket information has been edited by Cyril SAMAMA (Cyril22).

Monday, 06 May 2024 02:27 CDT

tampe125

Hello,

looking at the repository, it seems just a framework to exploit a plugin that is vulnerable. This is just a tool to automate some steps to create a new user using some third party vulnerability, not to actually hack Joomla core.

So Admin Tools is already protecting you, since it's blocking requests to the vulnerable plugin.

Anyway, thank you for the heads up.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 06 May 2024 02:31 CDT

nicholas

This is really nothing novel, nor much of a hacking tool. If the target's site has known cross site scripting (XSS) vulnerabilities you drop this script into the XSS vulnerable component and wait for a Super User to visit this page. In this case, the code will run(* BIG ASTERISK *) with Super User privileges, creating a new Super User account under the attacker's control.

First of all, this requires a not yet patched XSS vulnerability. If you keep your site and its extensions up to date, and use sane text filtering settings (the defaults are fine) you don't have any known XSS vulnerability.

The second part is the * BIG ASTERISK *. Will the exploit code run? This depends on your Content Security Policy (CSP) header. This is something you can tweak either with the System - HTTP Headers plugin in Joomla!, or by writing your own CSP into the .htaccess Maker's custom code section.

None of that is new, newsworthy, or even important.

XSS vulnerabilities have existed ever since JavaScript existed, 28 years ago. It's part of what we try to protect against with sane security practices, security tools, and updates.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!