Joomla! eXtplorer vulnerability – fixed!


Yesterday, my day ended with delivering a webinar on Joomla security, only to start today with a new critical vulnerability found in a popular Joomla! extension – eXtplorer File Manager. This vulnerability is a classic example of two of the most common ways an application gets compromised: a vulnerable plugin and weak login details. As soon as the issue was discovered, we started working on protecting our Joomla customers at the server level. Below I will explain the vulnerability, what we did to fix it on our servers, and what you should do if you are not hosted by SiteGround.

eXtplorer File Manager vulnerability explained

eXtplorer File Manager is a full-fledged stand-alone file manager. It also has a Joomla extension that allows you to manage your files directly from the Joomla! administrative area. By installing the eXtplorer extension for Joomla you also install a separate eXtplorer administrative interface, of which you may not even be aware. The problem with this stand-alone interface is that its login details are automatically created as admin/admin, and at the same time it is publicly accessible by default! Thus, anyone can easily log in to the eXtplorer File Manager and then upload any files to your Joomla! site.

What we did to prevent hackers from accessing vulnerable sites

Our security team quickly created custom Apache mod_sec rules to filter the requests. This means that if someone tries to access the separate eXtplorer administrative interface, the default login details will not work and the login page will simply be reloaded.
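To illustrate what such a server-side filter looks like, here is an added ModSecurity 2.x rule (not SiteGround's actual rule, which is not published in this post). It assumes the eXtplorer login form posts its fields as "username" and "password"; those parameter names are an assumption and should be checked against the form in your installed version. It also assumes SecRequestBodyAccess is On, since phase 2 is needed to read POST bodies.

```apache
# Added example, not the rule SiteGround deployed.
# Blocks any POST to the stand-alone eXtplorer interface that carries the
# default admin/admin credentials. Rule id 1000001 is an arbitrary local id;
# "username" and "password" are assumed form field names.
SecRule REQUEST_URI "@contains /components/com_extplorer/" \
    "id:1000001,phase:2,deny,status:403,log,msg:'eXtplorer default admin/admin login attempt',chain"
    SecRule REQUEST_METHOD "@streq POST" "chain"
        SecRule ARGS:username "@streq admin" "chain"
            SecRule ARGS:password "@streq admin"
```

The chained rule only triggers when all four conditions match, so legitimate users of the Joomla-integrated plugin and anyone who has already changed the default password are unaffected. The example denies with a 403 rather than reloading the login page, which is easier to spot in the audit log; each hit is logged, so repeated attempts against the interface show up as a clear signal for the operator.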

If, by any chance, you were using this interface yourself with the admin/admin login details (which we highly doubt any of our customers who have followed our security tips would do), you can contact our support for a password reset. If you are using the eXtplorer plugin in the usual way – through your Joomla admin – you should not need to take any further action.

What to do if you are not hosted by SiteGround?

If you are not hosted on our servers you have two options:

1. The first way to resolve the issue is to immediately change the default password for the separate eXtplorer administrative interface. To do this, access the interface at:

http://yourdomain.com/administrator/components/com_extplorer/

Then log in and change the password for the default admin username.

2. The second way to resolve the issue is to create an .htaccess file in the com_extplorer folder and add the following line to it:

deny from all

This way the separate eXtplorer administrative interface will not be accessible at all, and hackers will not even see the login page.
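The single "deny from all" line above is Apache 2.2 syntax. As an added example (not from the original post), the following .htaccess works on both Apache 2.2 and 2.4: Apache 2.4 replaced the Order/Deny directives with "Require all denied", and on 2.4 the old syntax only keeps working if the optional mod_access_compat module is loaded. The file goes into the com_extplorer folder exactly as the post describes.

```apache
# Added example .htaccess for administrator/components/com_extplorer/
# Blocks all HTTP access to the stand-alone eXtplorer interface.
<IfModule mod_authz_core.c>
    # Apache 2.4 and newer
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Deny from all
</IfModule>
```

After saving the file, request the URL from a browser: a 403 Forbidden response confirms the block is active, while the eXtplorer login page means .htaccess overrides are disabled for that directory (AllowOverride None) and the restriction has to be placed in the main server configuration instead.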

All in all, if your site is hosted on our servers you can relax and enjoy the upcoming holidays. If not, you have to change your eXtplorer login details before hackers manage to edit your site and steal important information from it. Of course, you can always transfer your site to our servers 🙂


Daniel Kanchev

Director Product Development

Daniel is responsible for bringing new products to life at SiteGround. This involves handling all types of tasks and communication across multiple teams. Enthusiastic about technology, user experience, security and performance, you can never be bored hanging around him. Also an occasional conference speaker and travel addict.

Comments ( 2 )


Stephan

Dec 20, 2013

All my websites are hosted at SiteGround, so... Who is gonna enjoy the holidays? Myself! Who is gonna be thanked for that? Daniel! Thanks to all the SiteGround team and have a nice time!


Joseph

Dec 20, 2013

Thanks SiteGround, you did a fantastic job again!
