This attack consists of changing resource identifiers used by an application in order to perform a malicious task. When an application permits a user input to define a resource, like a file name or port number, this data can be manipulated to execute or access different resources.
The risk is yours! We offer no guarantees, just tips! Hacking Joomla!
No, don't expect how-to's on black-hat hacking into a Joomla site - there we are providing how to modify the Joomla core and addons to get most out of it. This category is intended to be used by the white-hat hackers, Joomla siteowners who want to get out more from the system they have.
Featured
Featured
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection ) query to view the page source, require the attacker to have the full path to the file they wish to view. Then the attacker can use this info to perform other type of attacks based on the obtained information.
Featured
Vandals often use hacking techniques to deface a website or destroy data and files, but there are also those who just want to steal resources (make use of other peoples' servers without their knowledge or permission) or to cover their tracks by stealthily making use of hardware owned by legitimate businesses to carry out processing for illegal operations or to relay spam and viruses to others.
Featured
One popular and potentially devastating method of attack against Joomla powered sites is SQL injection. Any web application that makes use of a database usually communicates with the database for necessary functions using a special language known as 'Structured Query Language', or SQL. Joomla, by the way, uses an open source implementation of this language, MySQL.
Featured
Cross Site Scripting is a hacking technique whereby malicious scripting code (usually javascript) is injected into user input forms (in a similar way to SQL injection attacks) or incorporated in a URL query string.
Featured
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. His pair, Local File Inclusion or LFI is basically the same technique, used on sites which have been successfully penetrated, and the hacker "planted" his files already on the server.
Subcategories
Hacking the core Article Count: 12
Don't do this! We are not recommending doing ANY hacks in Joomla! core! You will compromise both upgradeability of your site - and potentially your security. But sometimes you are facing a situation when you need to do this... and then you can look up for a potential solution here. Use these tips only on your own risk - there are no guarantees!
Component hacks Article Count: 18
Hacking the main add-ons, the components running under Joomla! to add new features, functionalities, to enhance or even to fix them
Template trickery Article Count: 26
Template is an essential part of a Joomla site. It's not only simple HTML/CSS/PHP/JS wich let's you show your content, it's a genuine shell with endless of possibilities for success - and failure. There are defined not only how your site will look like for your human visitors, but also for searchengines too. So it's your primary tool in your SEO efforts.
And also it's first line of your defence too. Lots of security holes can be opened with a badly written template! And also, don't forget, that might be the biggest resource hog - so the first place to optimize your site's performance.
More: has a tremendous amount of power built in. You should unleash that, and master it.
Dictionary Article Count: 20
You might heard lot of weird expressions and acronyms when is coming about hacking. What XSS, LFI and all these things are meaning? You can find'em here!
Module crafting Article Count: 2
The module you just installed does not works exactly as you need it? Dont be lazy or shy, do some crafting, bricolage, whatewer you like - and are qualifyed for! DIY - Joomla style.
