The risk is yours! We offer no guarantees, just tips! Hacking Joomla!

No, don't expect how-tos on black-hat hacking into a Joomla site - here we show how to modify the Joomla core and add-ons to get the most out of them. This category is intended for white-hat hackers: Joomla site owners who want to get more out of the system they have.

When you are developing a template for a new site you often get stuck and hit your head against the wall: the code output by Joomla sometimes severely limits your ability to format the output as you wish. This is true not only for Joomla 1.0.*, but partially for Joomla 1.5.* too. Yes, partially, because you can do things here - and you can do a lot. Searching for a solution to a problem I had run into while developing a template for one of my clients, I found this great tip by Jonathan on his blog at http://www.beckettwebdesign.com:

Read more...

Category: Template trickery

Do you have a huge collection of nice Joomla 1.0 templates, and dunno what to do with them? Let's go green and reuse them!

Read more...

Category: Template trickery

This attack consists of changing resource identifiers used by an application in order to perform a malicious task. When an application permits a user input to define a resource, like a file name or port number, this data can be manipulated to execute or access different resources.

Read more...

Category: Dictionary

Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g. /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. The attacker can then use this information to perform other types of attacks.

Read more...

Category: Dictionary

Vandals often use hacking techniques to deface a website or destroy data and files, but there are also those who just want to steal resources (make use of other people's servers without their knowledge or permission) or to cover their tracks by stealthily making use of hardware owned by legitimate businesses to carry out processing for illegal operations or to relay spam and viruses to others.

Read more...

Category: Dictionary

One popular and potentially devastating method of attack against Joomla-powered sites is SQL injection. Any web application that makes use of a database usually communicates with the database for necessary functions using a special language known as 'Structured Query Language', or SQL. Joomla, by the way, uses an open source implementation of this language, MySQL.

Read more...

Category: Dictionary

Subcategories

  • Hacking the core

    Don't do this! We do not recommend doing ANY hacks in the Joomla! core! You will compromise both the upgradeability of your site and, potentially, your security. But sometimes you face a situation where you need to do this... and then you can look for a potential solution here.

    Article Count: 11
  • Component hacks

    Hacking the main add-ons, the components running under Joomla!, to add new features and functionality, to enhance them or even to fix them.

    Article Count: 10
  • Template trickery

    The template is an essential part of a Joomla site. It's not just simple HTML/CSS/PHP/JS which lets you show your content; it's a genuine shell with endless possibilities for success - and failure. It defines how your site will look not only to your human visitors, but to search engines too. So it's your primary tool in your SEO efforts.

    It's also your first line of defence. Lots of security holes can be opened by a badly written template! And don't forget that it might be the biggest resource hog - so it is the first place to optimize your site's performance.

    More: has a tremendous amount of power built in. You should unleash that, and master it.

    Article Count: 17
  • Dictionary

    You might have heard a lot of weird expressions and acronyms when it comes to hacking. What do XSS, LFI and all these things mean? You can find 'em here!

    Article Count: 10
  • Module crafting

    The module you just installed does not work exactly as you need it to? Don't be lazy or shy: do some crafting, bricolage, whatever you like - and are qualified for! DIY - Joomla style.

    Article Count: 1
