"I think that there is a bigger picture to look at here. The Joomla CMS is just another example of a 3rd party application being vulnerable due to lack of security ownership.
We have been looking deeply into CMS systems such as WordPress, Joomla and others lately. There is a clear appetite for hackers to look into vulnerabilities in CMS software, and more important – custom plug-ins. There have already been several studies showing both the consumer growth of CMS deployment, but also the vulnerable state of it. This extends to more than just CMS systems, but to every piece of 3rd party application that one might implement in their organization. And while bringing the organization forward in technology, all of a sudden you lack patch control. You have to rely on the vendor to execute security best practices. Unfortunately we live in a world where security is yet to be something you outsource completely.
In a webinar that we recently delivered we looked into a live botnet that not only uses WordPress as a platform to hack into, but then injects malicious software, installs a bot on the server, adds it to the botnet, and then uses the zombies to continue growing the botnet. It’s a funny game, since most companies want their CMS up and running, small maintenance windows, and a minimum amount of involvement from developers, while most of the useful plug-ins used in order to decorate, add functionality and run the website include vulnerabilities. Since it’s a 4th party of a 3rd party application – no one actually owns patching!
The specific Joomla vulnerability mentioned is a simple and devastating one. It is very sad to see that even simple vulnerabilities such as this are still not accounted for when developers are proofing their applications and application infrastructure. It was quite expected to see a hacker going for it, leveraging the simple “0day” and getting results fairly quickly. Unfortunately with a platform like Joomla (which is the third largest CMS in the world in terms of deployment), it’s very easy to use a tool like Google search to identify and fingerprint websites running Joomla with the vulnerable version, and just hack the sites in the search results."