Fake Parameters Conceal a Backdoor
Denis Sinegubko We found this backdoor in the middle of the logrss.php file that defined the JDocumentRendererRSS class. …function jregisterClass() { // merge arrays $info = array_merge($_REQUEST,$_COOKIE); //…
Browsing Category
Joomla Security
84 posts
Hacked Website Trend Report – 2017
Rianna MacLeod We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the…
New Guide on How to Clean a Hacked Website
Juliana Lewis Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research…
Cryptominers on Hacked Sites – Part 2
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised…
SQL Injection Vulnerability in Joomla! 3.7
Marc-Alexandre Montpas During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and…
Joomla Security – Pornography Spam Campaign in the Wild
Bruno Zanelato One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a…
Joomla admin login bypass – set your UA for full admin access
Yuliyan Tsvetkov Every day we analyse hundreds of new malicious files. Some of them are simple backdoors, injected iframes, or one liner defacements. Another type of malware,…
Hacked Website Report – 2016/Q3
Daniel Cid Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri…
New Guide on How to Fix Hacked Joomla! Sites
Alycia Mitchell Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today.…
Spotlight: How Big Spring Secures Joomla!
Big Spring Web Development understands the responsibility to their clients extends beyond creating a functional and attractive website. Security and stability are critical components of…
Joomla Exploits in the Wild Against CVE-2016-8870 and CVE-2016-8869
Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their privileges…