Joomla com_Myblog Exploit Arbitrary File Upload Vulnerability
Details of BNVL-2018-0035
What does the BNVL label mean?
BitNinja Server Security’s BNVL identifiers are intended for use to identify publicly known information security vulnerabilities in publicly released software packages. This project was designed to collect and analyze attack information from the BitNinja network after cluster analysis by the AI-powered Attack Vector Miner. More than 100 vulnerability types have been discovered with this project so far, so we decided to publish this platform to help to keep Linux server owners up-to-date.
Syntax for BNVL labels:
BNVL prefix + Year + Arbitrary Digits
Name : Joomla com_Myblog Exploit Arbitrary File Upload Vulnerability
Related Links: http://labs.sucuri.net/?note=2015-09-08
CVE ID: Na
This code uploads a PHP backdoor disguised as a JPG file using a vulnerability in a really old (and it looks like, not longer supported) My Blog Joomla component.
Still some webmaster use it on Joomla 1.5.x sites and this exploit has proven to be efficient as you can read in this blogpost. This blogpost also provides a quick fix for this vulnerable component. Apply it if you still use legacy versions of this component, but also consider upgrading your site to use software that is up to date (Both Joomla and third-party components, plugins and templates)