Joomla Content Management System Cyber Security Notes
What Is a CMS?
A Content Management System (CMS) is a system that allows you to manage information easily and effectively. The information could be anything, whether it's a simple article or a complex media management system.
It is a system aimed at non-technical users that lets them organize content easily and makes the process easy rather than hectic. In any web-based application, there are three basic operations
Examples: WordPress, Joomla, Drupal, etc.
Joomla is an open source CMS that allows you to generate web content and powerful applications.
WordPress and Joomla
WordPress is now a multi-purpose content management system that powers over 31% of all the websites on the Internet (including a lot more than just blogs!).
Joomla is the second most popular content management system, powering around 3% of all the websites on the Internet.
--> Functionality – WordPress calls these plugins, while Joomla calls them extensions.
--> Aesthetics – WordPress calls these themes, while Joomla calls them templates.
Installation Of Joomla (Setting Up of Joomla)
Step 1: Visit https://downloads.joomla.org/cms/joomla3/3-7-1
Step 2: Download and extract it.
Step 3: Now copy the folder to C:\xampp\htdocs
Step 4: Open it in the browser.
Step 5: Fill in the details on the first tab and click Next.
Step 6: Create a database for Joomla.
Step 7: Add a user and assign privileges.
Step 8: Now go to C:\xampp\htdocs\Joomla\installation\sql\mysql
Step 9: Open Joomla.sql
Step 10: Change ENGINE=InnoDB to ENGINE=MyIsam
Step 11: Save it, then click the Next option on the next page.
Step 12: Click on Install.
Step 13: Remove the installation folder; otherwise the same setup will open next time.
Step 14: We get two interfaces: one is the index page (front page) visible to users, and the other is the admin panel.
Step 15: Visit both of them, then log in to the admin page and go to Extensions --> Templates --> Protostar --> open the details of this template.
Step 16: Visit index.php.
Step 17: Open Kali, create a payload, save it in a file and start listening.
Step 18: Copy the uploading script available at: https://github.com/t3rabyt3/Gravy-Uploader
Step 19: Paste it into index.php, i.e. replace the actual code with it.
Step 20: Refresh the user page.
Step 21: We get the uploading option, and then we upload the script created in Step 17.
Step 22: Now just open the file (malicious PHP code in which the payload is embedded) present on the server to run your script.
Step 23: We run the script and, on the other side, we get the Meterpreter session.
Step 24: ENJOY … 🙂
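
From the defender's side, the steps above leave two things on disk that can be checked: an installation folder that was never removed (Step 13) and a template index.php that no longer matches the installed copy and now handles file uploads (Steps 15 to 21). The following Python check is an added example, not part of the original notes or of Joomla itself; the function names, the marker list and the sample directory tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Upload-handling markers; a stock page template has no reason to accept uploads.
UPLOAD_MARKERS = (b"$_FILES", b"move_uploaded_file")

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def make_baseline(root):
    """Hash every PHP file under templates/ (run this on a known-good install)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p)
            for p in sorted((root / "templates").rglob("*.php"))}

def audit(root, baseline):
    """Return (finding, relative_path) tuples for a Joomla document root."""
    root = Path(root)
    findings = []
    if (root / "installation").is_dir():
        findings.append(("installer-present", "installation"))
    for p in sorted((root / "templates").rglob("*.php")):
        rel = p.relative_to(root).as_posix()
        if rel not in baseline:
            findings.append(("new-file", rel))
        elif baseline[rel] != sha256(p):
            findings.append(("modified", rel))
        if any(m in p.read_bytes() for m in UPLOAD_MARKERS):
            findings.append(("upload-handler", rel))
    return findings

def demo():
    """Constructed sample tree: baseline it, then simulate the template edit."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        tpl = root / "templates" / "protostar"
        tpl.mkdir(parents=True)
        (root / "installation").mkdir()
        index = tpl / "index.php"
        index.write_text("<?php defined('_JEXEC') or die; ?><html></html>")
        baseline = make_baseline(root)
        clean = audit(root, baseline)
        # Constructed stand-in for a replaced template; upload logic elided.
        index.write_text("<?php if (isset($_FILES['f'])) { /* elided */ } ?>")
        return clean, audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Take the baseline right after installation and store it outside the web root, so that someone with admin-panel access cannot rewrite it along with the template.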