About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Joomla ACL Security Vulnerabilities- 348

Rohan SharmaPosted 5 Years Ago
  • Joomla is a content management system (CMS), very similar to Wordpress. The ACL (access control lists) are what restricts who can access what.
  • The ACL list could be bypassed by including a new ACL within a parameter for a request. Even though this user should have the ability to alter the permissions of a category, they can!
  • In terms of exploitability, it is fairly unlikely. In order to edit the ACL, a user has to have access to the object in the first place. The exploit situation is having three having: super-user, manager1 and manager2, where the super-user controls permissions and only manager1 has access to the resource. Manager1 could alter the permissions to allow manager2 to see it.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed