Joomla内容管理系统漏洞利用技术

doi:10.7523/j.issn.2095-6134.2015.06.015

中国科学院大学学报 ›› 2015, Vol. 32 ›› Issue (6): 825-835.DOI: 10.7523/j.issn.2095-6134.2015.06.015

Joomla内容管理系统漏洞利用技术

董颖, 张玉清, 乐洪舟

中国科学院大学国家计算机网络入侵防范中心, 北京 101408

收稿日期:2014-08-01 修回日期:2015-05-18 发布日期:2015-11-15
通讯作者: 董颖
基金资助:
国家自然科学基金(61272481)、360项目和国家发改委信息安全专项(发改办高技[2012]1424)资助

Vulnerability exploitation for Joomla content management system

DONG Ying, ZHANG Yuqing, YUE Hongzhou

National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China

Received:2014-08-01 Revised:2015-05-18 Published:2015-11-15

摘要/Abstract

摘要：

设计并实现Joomla的漏洞利用工具JoomHack,使用针对Joomla CMS的特点精心构造成的攻击向量组建在线共享更新的漏洞检测库,遍历攻击向量来进行漏洞测试利用,以漏洞库中的攻击向量作为种子,扩展成新的攻击向量,大大提高了漏洞利用成功率.使用该工具和Joomscan以及其他通用渗透测试工具对不同版本的Joomla CMS进行漏洞扫描,结果证明该工具对于Joomla CMS的漏洞利用具有更高的优越性.JoomHack可以有效地对Joomla站点进行漏洞扫描利用以及风险评估,为漏洞修复等安全工作打下基础,是一种效果好成本低的Web应用安全防护方案.

关键词: Joomla, 共享漏洞库, 风险评估, 漏洞利用, Web安全

Abstract:

We propose and develop a vulnerability exploitation scheme, called JoomHack. We use online shared and updatable vulnerability detection library of attack patterns, traverse them to exploit vulnerabilities, use attack patterns in database as seeds to generate new ones, and bring higher success rates. Experiments show that JoomHack takes advantage over Joomscan and other penetration tools of superiority when exploiting Joomla-based web system. JoomHack exploits vulnerabilities, assess risk for Joomla site effectively, and lay the foundation for web security work such as bug fixes. It is effective and has low cost for the improvement of web security.

Key words: Joomla, shared vulnerability library, risk assessment, vulnerability exploit, web security

中图分类号:

TP393

董颖, 张玉清, 乐洪舟. Joomla内容管理系统漏洞利用技术[J]. 中国科学院大学学报, 2015, 32(6): 825-835.

DONG Ying, ZHANG Yuqing, YUE Hongzhou. Vulnerability exploitation for Joomla content management system[J]. , 2015, 32(6): 825-835.

参考文献

[1] IBM. IBM Internet Security Systems X-Force 2013 mid-year trend statistics[EB/OL]. (2013-10-19)[2014-07-20]. http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&appname=SWGE_WG_WG_USEN&htmlfid=WGL03036USEN&attachment=WGL03036USEN.PDF.

[2] CERT Australia. Cyber crime and security survey report[EB/OL]. (2013-09-19)[2014-07-20]. http://www.canberra.edu.au/cis/storage/Cyber%20Crime%20and%20Security%20Survey%20Report%202012.pdf.

[3] Fong E, Okun V. Web application scanners:definitions and functions[C]//System Sciences, IEEE International Conference, 2007:280-287.

[4] Yeo J. Using penetration testing to enhance your company's security[J]. Computer Fraud & Security, 2013(4):17-20.

[5] Farooq A, Javed F, Hussain M, et al. Open source content management systems:a canvass[J]. International Journal of Multidisciplinary Sciences and Engineering, 2012(3):38-43.

[6] W3techs. World wide web technology surveys[EB/OL]. (2013-03-23)[2014-07-20]. http://w3techs.com.

[7] W3techs. Historical trends in the usage of content management systems for websites[EB/OL]. (2013-07-31)[2014-07-20]. http://w3techs.com/technologies/history_overview/content_management/all.

[8] OpenSource CMS. CMS demos & information[EB/OL]. (2013-03-27)[2014-07-20]. http://www.opensourcecms.com/.

[9] Joomla. What is Joomla?[EB/OL]. (2013-03-27)[2014-07-20]. http://www.joomla.org/about-joomla.html.

[10] Patel S K, Rathod V R, Prajapati J B. Comparative analysis of web security in open source content management system[C]//Intelligent Systems and Signal Processing (ISSP), IEEE International Conference, 2013:344-349.

[11] Patel S K, Rathod V R, Parikh S. Joomla, Drupal and WordPress:a statistical comparison of open source CMS[C]//Trends in Information Sciences and Computing (TISC), IEEE International Conference on, 2011:182-187.

[12] Patel S K, Rathod V R, Prajapati J B. Performance analysis of content management systems:Joomla, Drupal and WordPress[J]. International Journal of Computer Applications, 2011(4):39-43.

[13] Walden J, Doyle M, Welch G A, et al. Security of open source web applications[C]//Proceedings of the 20093rd International Symposium on Empirical Software Engineering and Measurement, IEEE Computer Society, 2009:545-553.

[14] Jensen T, Pedersen H, Olesen M C, et al. THAPS:automated vulnerability scanning of PHP applications[M]//Secure IT Systems, Springer Berlin Heidelberg, 2012:31-46.

[15] 2011 Open source awards[EB/OL]. (2013-03-28)[2014-07-30]. http://www.packtpub.com/open-source-awards-home.

[16] Rahmel D. Joomla database administration and configuration[M].Advanced Joomla!, Apress, 2013:185-210.

[17] Rahmel D. Joomla and web services[M]. Advanced Joomla!, Apress, 2013:131-157.

[18] Rahmel D. Customizing Joomla with widgets[M]. Advanced Joomla!, Apress, 2013:25-43.

[19] Rahmel D. Joomla security administration[M]. Advanced Joomla!, Apress, 2013:159-183.

[20] Joomla. What is Joomla?[EB/OL]. (2013-04-09)[2014-07-30]. http://www.joomla.org/about-joomla.html.

[21] OWASP. Category:OWASP top ten project[EB/OL]. (2013-05-02)[2014-07-30]. https://www.owasp.org/index.php/Cate gory:OWASP_Top_Ten_Project.

[22] NVD. National vulnerability database[EB/OL]. (2013-05-23)[2014-07-30]. http://nvd.nist.gov/.

[23] EDB. The exploit database[EB/OL]. (2013-05-23)[2014-07-20]. http://www.exploit-db.com/.

[24] Kieyzun A, Guo P J, Jayaraman K, et al. Automatic creation of SQL injection and cross-site scripting attacks[C]//Software Engineering, IEEE 31st International Conference, 2009:199-209.

[25] Hoebel V. The Joomla hacking compendium[EB/OL]. (2013-05-03)[2014-07-20]. http://www.exploit-db.com/papers/15780/.

[26] Lam M S, Martin M, Livshits B, et al. Securing web applications with static and dynamic information flow tracking[C]//Proceedings of the 2008 on Partial evaluation and semantics-based program manipulation, ACM Sigplan symposium, 2008:3-12.

[27] Bau J, Bursztein E, Gupta D, et al. State of the art:automated black-box web application vulnerability testing[C]//Security and Privacy (SP), IEEE Symposium, 2010:332-345.

[28] Jovanovic N, Kruegel C, Kirda E. Pixy:a static analysis tool for detecting web application vulnerabilities[C]//Security and Privacy, IEEE Symposium, 2006.

[29] Wassermann G, Su Z. Sound and precise analysis of web applications for injection vulnerabilities[C]//Sigplan Notices, ACM, 2007:32-41.

[30] Kals S, Kirda E, Kruegel C, et al. Secubat:a web vulnerability scanner[C]//Proceedings of the 15th international conference on World Wide Web, ACM, 2006:247-256.

[31] Huang Y W, Huang S K, Lin T P, et al. Web application security assessment by fault injection and behavior monitoring[C]//Proceedings of the 12th international conference on World Wide Web, ACM, 2003:148-159.

[32] Mavituna Security. What is Netsparker?[EB/OL]. (2013-03-29)[2014-07-30]. https://www.mavitunasecurity.com/netsparker/.

[33] Janusec. WebCruiser|Web Vulnerability Scanner, SQL Injection Tool![EB/OL]. (2013-03-31)[2014-07-30]. http://sec4app.com/.

[34] Acunetix. Audit your website security with acunetix web vulnerability scanner[EB/OL]. (2013-03-39)[2014-07-30]. http://www.acunetix.com/vulnerability-scanner/.

[35] Sense Post. Wikto[EB/OL]. (2013-04-20)[2014-07-30].http://research.sensepost.com/tools/web/wikto.

[36] IBM. Appscan[EB/OL]. (2013-04-03)[2014-07-30].http://www-03.ibm.com/software/products/us/en/appscan/.

[37] OWASP. ZAP[EB/OL]. (2013-03-10)[2014-07-30].https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project.

Joomla内容管理系统漏洞利用技术

Vulnerability exploitation for Joomla content management system

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 7

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	王振洲, 崔岩山, 张震南, 尹乃毅, 蔡晓琳, 都慧丽. 生菜和油菜中砷的生物可给性及其对人体的健康风险评估[J]. 中国科学院大学学报, 2015, 32(6): 735-742.
[2]	李晓琦, 刘奇旭, 张玉清. 基于模拟攻击的内核提权漏洞自动利用系统[J]. 中国科学院大学学报, 2015, 32(3): 384-390.
[3]	廖志恒, 任明忠, 孙家仁, 范绍佳, 吴兑. 垃圾焚烧厂排放重金属Pb的吸入性健康风险评估[J]. 中国科学院大学学报, 2014, 31(3): 410-417.
[4]	张敏, 蔡五田, 孙琳, 耿婷婷, 任涛. CLEA模型及其在中国应用典型案例剖析[J]. 中国科学院大学学报, 2013, 30(6): 779-785.
[5]	郑美林, 曹伟. 中国东北地区外来入侵植物的风险评估[J]. 中国科学院大学学报, 2013, 30(5): 651-656.
[6]	陈景峰, 王一丁, 张玉清, 刘奇旭. 存储型XSS攻击向量自动化生成技术[J]. 中国科学院大学学报, 2012, (6): 815-820.
[7]	王夏莉, 张玉清. 一种基于行为的XSS客户端防范方法[J]. 中国科学院大学学报, 2011, 28(5): 668-675.